Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

Access Control List API


The routines in the ACL Editor API are distinguished with names having the prefix "sec_acl_".

Background is given in Introduction to Security Services , especially ACL Editors .

The sec_acl API is designed to be a general programming interface for managing all ACLs in such a way that the client is unaware of the principal identity of the server that controls the objects protected by the ACLs. As such, the server's principal name does not occur as a parameter to the sec_acl API (see, for example, sec_acl_bind()). This implies, in particular, that the sec_acl API supports only one-way (client-to-server) authentication, not mutual (server-to-client) authentication. Applications that require mutual authentication should use the "raw" rdacl RPC protocol, not the sec_acl API. (Mutual authentication may be added to the sec_acl API in a future revision of DCE.)
Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index