Document 12969759
advertisement
The following are some of the terminology and associated acronyms frequently used in this article. Extended Privilege Attribute Certificate (EPAC). A credential provided by the DCE privilege service containing user and group identities and attribute-value pairs. This information is used by an application server to make authorization decisions. Extended Registry Attribute (ERA). A mechanism in which attribute-value pairs are associated with principals. The information in these attribute-value pairs may be used to deny or grant an authorization request. 2&-/4& 02*.$*0", 7*4) 4)& ."-&3 34/2&% *. ". "00,*$"4*/.< 30&$*'*$ %"4"#"3& )*3 -&4)/% *3 $",,&% ."-&<#"3&% "54)/< 2*:"4*/. ".% *3 "6"*,"#,& 7)&. 53*.( 4)& 3&$52& $/-< -5.*$"4*/. -&$)".*3-3 • 2*6*,&(&<#"3&% "54)/2*:"4*/. 7*4) "$$&33 $/.42/, ,*343 3&26&23 $". $)//3& 4/ 02/4&$4 4)&*2 2&3/52$&3 7*4) "$$&33 $/.42/, ,*343 3 . $/.4"*.3 &.42*&3 4)"4 %&3$2*#& 4)& 0"24*$5,"2 0&2-*33*/.3 (2".4&% 4/ 6"2*/53 02*.$*0",3 . &.429 -"9 30&$*'9 ". *.%*6*%5", 53&2 02*.$*0", ."-& " (2/50 ."-& 4)"4 *-0,*&3 3&6&2", 02*.$*0",3 /2 ;/4)&2 4/ *.%*$"4& ".9 02*.$*0", ./4 ",2&"%9 -"4$)*.( " 53&2 /2 (2/50 &.429 3&23 (2/503 ".% /4)&23 '2/- " '/2&*(. $&,, -"9 ",3/ #& 30&$*'*&% *. ". &.429 Principal. An entity such as a user, an application, or a system whose identity can be authenticated. !)&. " 3&26&2 2&$&*6&3 " 2&-/4& 2&15&34 *4 "3+3 4)& "54)&.< 4*$"4&% 25.<4*-& &.6*2/.-&.4 '/2 4)& $",,&23 )& $/.4"*.3 4)& $",,&23 02*.$*0", ".% (2/50 *%&.4*4*&3 7)*$) "2& $/-0"2&% "("*.34 4)& 4/ %&4&2-*.& *' "$$&33 *3 (2".4&% ' 4)& $",,&23 02*.$*0", *%&.4*49 -"4$)&3 4)& 02*.< $*0", *. ". &.429 ".% *' 4)"4 &.429 $/.4"*.3 4)& 2&< 15*2&% 0&2-*33*/.3 4)&. "$$&33 *3 (2".4&% ' 4)&2& *3 ./ -"4$) /. 4)& 02*.$*0", #54 /.& /' 4)& $",,&23 (2/503 -"4$)&3 " (2/50 &.429 4)&. 4)& 0&2-*33*/.3 *. 4)& (2/50 &.429 "00,9 Service Ticket. A credential used by an application client to authenticate itself to an application server. Ticket-Granting Ticket (TGT). A credential that indicates that a user has been authenticated and is therefore eligible to get tickets to other services. Identification and Authentication. )& '*234 *.4&2"$4*/. #&47&&. " 53&2 ".% 4)& 3&$52*49 3&26*$& *3 4)& ,/(*. 3&15&.$& 7)&. 4)& *%&.4*49 /' " 53&2 *3 "54)&.4*$"4&% #9 " 3&$2&4 +&9 )& 2&35,4 /' 4)*3 "54)&.4*$"4*/. *3 " 4*$+&4<(2".4*.( 4*$+&4 $/.4"*.*.( 4)& 53&2 02*.$*0",3 $2&%&.4*",3 )& *.%*$"4&3 4)"4 4)& 53&2 )"3 #&&. "54)&.4*$"4&% 4 *3 53&% "3 *43 ."-& *-0,*&3 4/ /#4"*. 4*$+&43 4/ /4)&2 3&26*$&3 )& ,*'& 30". /' " *3 ,*-*4&% 4/ &.352& 4)"4 4)& 53&2 2&02&3&.4&% #9 4)& $2&%&.4*",3 *3 4)& 53&2 $522&.4,9 53*.( 4)& 3934&- ".% 4)"4 4)& 53&23 $2&%&.4*",3 "2& 50<4/<%"4& )& ,*#2"29 *.$,5%&3 '"$*,*4*&3 4/ -"."(& 3 ".% 0&2< '/2- "54)/2*:"4*/. $)&$+3 #"3&% /. 3 "2& %&< 3$2*#&% *. 4)& "24*$,& /. 0"(& • 4)&2 "54)/2*:"4*/. 4)&2 "54)/2*:"4*/. -&$)".*3-3 "2& -"%& 0/33*#,& #9 4)& '"$*,*49 3&26&2 $". 53& 4)& 6",5& /' ".9 (*6&. "442*#54& *. " 53&23 4/ %&$*%& 7)&4)&2 *4 3)/5,% 3&26*$& /2 %&.9 ".9 (*6&. 2&15&34 02/6*%&3 4)& 2&-/4& 02/$&%52& $",, $/--5.*$"< 4*/. -&$)".*3- "3 /.& /' *43 $/2& 3&26*$&3 )& 3&$52*49 3&26*$& *3 %&3*(.&% 4/ 3500/24 02/4&$4&% $/--5.*$"4*/. )& 53&2 ".% (2/50 *%&.4*49 ".% 4)& &84&.%&% 2&(*3429 "442*< #54&3 "2& ./4 0"24 /' 4)& *335&% #9 4)& "54)&.4*$"4*/. 3&26*$& )& 02*6*,&(& 3&26*$& 3500/243 ". "%%*4*/.", "54)/< 2*:"4*/. #9 02/6*%*.( 53&2 ".% (2/50 *%&.4*4*&3 ".% "442*#54&3 *. 4)& '/2- /' ". &84&.%&% 02*6*,&(& "442*#54& $&24*'*$"4& 52*.( " ,/(*. 3&15&.$& "'4&2 4)& *3 /#4"*.&% 4)& 25.<4*-& 3&$52*49 3&26*$& -"+&3 " 2&15&34 4/ 4)& 02*6*,&(& 3&26&2 4/ *335& " 02*6*,&(& )*3 4*$+&4 *3 " $/-#*."4*/. /' 4)& ".% " 3&", /' 4)& /4 ",, %*342*#54&% "00,*$"4*/.3 *. " &.6*2/.-&.4 7*,, 53& /34 $,*&.43&26&2 "00,*$"4*/.3 *. &8*34&.$& 4/%"9 "2& -&33"(&<#"3&% ".% $)".(*.( 4)&- 4/ 53& 4)& 0"2"< %*(- *3 &80&.3*6& ".% 4*-&<$/.35-*.( 4 *3 ",3/ ./4 02"$4*< $", '/2 $&24"*. "00,*$"4*/.3 4/ 53& )&3& "00,*$"4*/.3 ./.&4)&,&33 2&15*2& 3&$52*49 /2 4)*3 2&"3/. 4)& 3&$5< 2*49 3&26*$& ./7 3500/243 4)& &.&2*$ &$52*49 &26*$& 7)*$) ",,/73 ". "00,*$"4*/. 4/ "54)&.4*$"4& *43&,' 4/ " 2&-/4& 0"249 ".% 3&$52& %"4" '/2 42".3-*33*/. /6&2 ". "2#*42"29 $/--5.*$"4*/. -&$)".*3- )& 02*6*,&(& *3 34/2&% *. 4)& 53&23 &.6*2/.-&.4 ".% *3 53&% #9 4)& 3&$52& $/--5.*$"4*/. -&$)".*3-3 4/ /#4"*. " 3&26*$& 4*$+&4 '2/- 4)& "54)&.4*$"4*/. 3&26*$& )& 3&26*$& 4*$+&4 *3 53&% #9 4)& $/--5.*$"4*/. -&$)".*3-3 4/ 0&2< '/2- -545", "54)&.4*$"4*/. #&47&&. 4)& "00,*$"4*/. $,*&.4 ".% 4)& "00,*$"4*/. 3&26&2 . &"$) /' 4)&3& &8$)".(&3 3&$2&4 3&33*/. +&93 7)*$) "2& +./7. /.,9 4/ 4)& 3&$52*49 3&26*$& 3&26&2 "2& (&.&2"4&% '/2 " 0"24*$5,"2 3&33*/. #&47&&. 4)& $,*&.4 ".% 3&26&2 )& 3&$52*49 25.<4*-& &.6*2/.-&.4 ".% &.&2*$ &$52*49 &26*$& 53& 4)&3& +&93 '/2 %"4" &.$2904*/. /2 *.4&(2*49 02/4&$4*/. (&.&2"4*/. *. ".9 .&47/2+ $/--5.*$"< 4*/. %52*.( " 0"24*$5,"2 3&33*/. #2*&' %&3$2*04*/. /' 4)& *3 (*6&. ,"4&2 *. 4)*3 "24*$,& Authorization. 3&$52*49 02/6*%&3 "00,*$"4*/. 3&26&23 7*4) -5,4*0,& /04*/.3 '/2 "54)/2*:"4*/. 3&26&2 $". $)//3& 4/ (2".4 "$$&33 4/ " 53&2 #"3&% /. /.& /' 4)& '/,,/7*.( 4)2&& -/%&,3 • "-&<#"3&% "54)/2*:"4*/. )& 3*-0,&34 #54 ,&"34 3$","#,& 7"9 /' %/*.( "54)/2*:"4*/. *3 4/ $/-0"2& 4)& ."-& /' 4)& &$&-#&2 &7,&44<"$+"2% /52.", • • • • /52 #"3*$ ,&6&,3 /' 02/4&$4*/. "2& "6"*,"#,& 7*4) &*4)&2 /2 / 02/4&$4*/. )& 3&$52*49 3&26*$& %/&3 ./4 -&%*"4& /2 0"24*$*0"4& *. 4)& $/..&$4*/. 54)&.4*$"4*/. )& 53&2 /' 4)& $,*&.4 "00,*$"4*/. *3 "54)&.4*< $"4&% 4/ 4)& 3&26&2 "4" *.4&(2*49 $2904/(2"0)*$ $)&$+35- *3 *.$,5%&% 7*4) 4)& %"4" 42".3-*44&% )& 3&$52*49 3&26*$& (5"2".4&&3 4)& %"4" 2&$&*6&% *3 *%&.4*$", 4/ 4)& %"4" 42".3-*44&% "4" 02*6"$9 )& %"4" *3 42".3-*44&% *. ". &.$2904&% '/2".% *3 4)&2&'/2& 02*6"4& 4/ 4)& 3&.%&2 ".% 4)& 2&$&*6&2 .*4&% 4"4&3 &80/24 2&(5,"4*/.3 ,*-*4 4)& "6"*,"#*,*49 /' 4)*3 ,&6&, /' 02/4&$4*/. /543*%& /' 4)& .*4&% 4"4&3 ".% "."%" )& )*()&2 02/4&$4*/. ,&6&,3 *.$,5%& 4)& 02/4&$4*/.3 /''&2&% #9 4)& ,/7&2 ,&6&,3
