NAME

 sec_intro - Application Program Interface to the DCE Security Service

 DESCRIPTION

 The Distributed Computing Environment (DCE) Security Service Application
 Program Interface (API) allows developers to create network services with
 complete access to all the authentication and authorization capabilities
 of DCE Security Service and facilities.

 The transaction of a network service generally consists of a client
 process requesting some action from a server process. The client may
 itself be a server, or a user, and the server may also be a client of
 other servers.  Before the targeted server executes the specified action,
 it must be sure of the client's identity, and it must know whether the
 client is authorized to request the service.

 The Security Service API consists of the following sets of Remote
 Procedure Calls (RPCs) used to communicate with various security-
 related services and facilities:

   +  rgy - Maintains the network registry of principal identities.

   +  era - Maintains extended registry attributes.

   +  login - Validates a principal's network identity and establish
              delegated identities.

   +  epa - Extracts privilege attributes from an opaque binding handle.

   +  acl - Implements an Access Control List (ACL) protocol for the
            authorization of a principal to network access and services.

   +  key - Provides facilities for the maintenance of account keys for
            daemon principals.

   +  id - Maps file system names to Universal Unique IDs (UUIDs).

   +  pwd_mgmt - Provides facilities for password management.

 All the calls in this API have names beginning with the sec_ prefix.
 These are the same calls used by various user-level tools provided as
 part of the DCE. For example, the sec_create_db tool is written with
 sec_rgy calls, acl_edit is written with sec_acl calls, and the login
 program, with which a user logs in to a DCE system, is written using
 sec_login calls.  Most sites will find the user-level tools adequate
 for their needs, and only must use the Security Service API to
 customize or replace the functionality of these tools.

 Though most of the calls in the Security Service API represent RPC
 transactions, code has been provided on the client side to handle much
 of the overhead involved with making remote calls. These "stubs" handle
 binding to the requested security server site, the marshalling of data
 into whatever form is needed for transmission, and other bookkeeping
 involved with these remote calls. An application programmer can use
 the Security Service interfaces as if they were composed of simple C
 functions.

 This reference page introduces each of the following APIs:

   +  Registry APIs

   +  Login APIs

   +  Extended Privilege Attributes APIs

   +  Extended Registry Attributes APIs

   +  ACL APIs

   +  Key Management APIs

   +  ID Mapping APIs

   +  Password Management APIs

 The section for each API is organized as follows:

   +  Synopsis

   +  Data Types

   +  Constants

   +  Files

  Additional Information (explode) :

• REGISTRY_API_DATA_TYPES
• EXTENDED_REGISTRY_ATTRIBUTE_DATA_TYPES
• LOGIN_API_DATA_TYPES
• EXTENDED_PRIVILEGE_ATTRIBUTE_API_DATA_TYPES
• ACL_API_DATA_TYPES
• KEY_MANAGEMENT_API_DATA_TYPES
• ID_MAPPING_API_DATA_TYPES
• PASSWORD_MANAGEMENT_API_DATA_TYPES