Access Control List API

Introduction

The routines in the ACL Editor API are distinguished with names having the prefix "sec_acl_".

Background is given in Introduction to Security Services , especially ACL Editors .

Note:

The sec_acl API is designed to be a general programming interface for managing all ACLs in such a way that the client is unaware of the principal identity of the server that controls the objects protected by the ACLs. As such, the server's principal name does not occur as a parameter to the sec_acl API (see, for example, sec_acl_bind()). This implies, in particular, that the sec_acl API supports only one-way (client-to-server) authentication, not mutual (server-to-client) authentication. Applications that require mutual authentication should use the "raw" rdacl RPC protocol, not the sec_acl API. (Mutual authentication may be added to the sec_acl API in a future revision of DCE.)