HELPLIB.HLB  —  DCE  DCE_INTRO, dced_intro, Security Validation Routines
  dced_secval_start   Starts a host's security validation service

  dced_secval_validate
                      Validates that the DCE Security daemon (secd)
                      used by a specific host is legitimate

  dced_secval_status  Returns a status parameter of TRUE if the
                      security validation service is activated and
                      FALSE if not

  dced_secval_stop    Stops a host's security validation service

1  –  dced_secval_start

 NAME

   dced_secval_start - Starts the security validation service of
                       a specific host's dced

 SYNOPSIS

   #include <dce/dced.h>

   void dced_secval_start( dced_binding_handle_t  dced_bh,
                           error_status_t         *status );

 PARAMETERS

   Input

   dced_bh
       Specifies the dced binding handle for the secval service on
       a specific host.

   Output

   status
       Returns the status code from this routine.  This status code
       indicates whether the routine completed successfully or, if
       not, why not.  The possible status codes are:

            error_status_ok
            dced_s_bad_binding
            dced_s_sv_already_enabled
            sec_acl_invalid_permission

 DESCRIPTION

   The dced_secval_start() routine starts the Security Validation
   service of a specific host's dced.  This routine is typically
   used by management applications.

   The Security Validation service (secval) has two major functions:

    1.  Maintain a login context for the host's self identity.

    2.  Validate and certify to applications (usually login programs)
        that the DCE Security daemon (secd) is legitimate.

   The secval is commonly started by default when dced starts.
   See the dced_secval_stop() routine for a discussion of when to
   use the combination of dced_secval_stop() and dced_secval_start().

   Prior to calling this routine, the application must have
   established a valid dced binding handle to the secval service
   by calling either the dced_binding_create() or
   dced_binding_from_rpc_binding() routine.

 RELATED INFORMATION

   Routines:   dced_secval_stop
               dced_binding_create
               dced_binding_from_rpc_binding

   Commands: dced
             The secval object of dcecp

   Books: OSF DCE Application Development Guide.

2  –  dced_secval_validate

 NAME

   dced_secval_validate - Validates that the secd used by a
                          specific host is legitimate

 SYNOPSIS

   #include <dce/dced.h>

   void dced_secval_validate( dced_binding_handle_t  dced_bh,
                              error_status_t         *status );

 PARAMETERS

   Input

   dced_bh
       Specifies the dced binding handle for the secval service on
       a specific host.

   Output

   status
       Returns the status code from this routine.  This status code
       indicates whether the routine completed successfully or, if
       not, why not.  The possible status codes are:

            error_status_ok
            dced_s_bad_binding
            ept_s_not_registered
            rpc_s_comm_failure
            rpc_s_invalid_binding
            rpc_s_rpcd_comm_failure
            rpc_s_wrong_kind_of_binding
            sec_login_s_no_current_context

 DESCRIPTION

   The dced_secval_validate() routine validates and certifies for
   a specific host that the DCE Security daemon (secd) is legitimate.
   Typically, a login program uses the security validation service
   when it uses the Security Service's Login API (routines that begin
   with sec_login).  However, if a management application trusts some
   remote host, it can use dced_secval_validate() to validate secd,
   without logging in to the host.

 RELATED INFORMATION

   Routines:   sec_login* API
               dced_secval_start
               dced_binding_create
               dced_binding_from_rpc_binding

   Commands: dced
             The secval object of dcecp

   Books: OSF DCE Application Development Guide.

3  –  dced_secval_status

 NAME

   dced_secval_status - Indicates whether or not a specific host's
                        security validation service of dced is
                        running

 SYNOPSIS

   #include <dce/dced.h>

   void dced_secval_status( dced_binding_handle_t  dced_bh,
                            boolean32              *secval_active,
                            error_status_t         *status );

 PARAMETERS

   Input

   dced_bh
       Specifies the dced binding handle for the secval service on
       a specific host.

   Output

   secval_active
       Returns a value of TRUE if the security validation service
       is running and FALSE if it is not running.

   status
       Returns the status code from this routine.  This status code
       indicates whether the routine completed successfully or, if
       not, why not.  The possible status codes are:

            error_status_ok
            dced_s_bad_binding

 DESCRIPTION

   The dced_secval_status() routine sets a parameter to TRUE or
   FALSE depending on whether the security validation service has
   been activated or deactivated.

   Prior to calling this routine, the application must have
   established a valid dced binding handle to the secval service
   by calling either the dced_binding_create() or
   dced_binding_from_rpc_binding() routine.

 RELATED INFORMATION

   Routines:   dced_secval_start
               dced_secval_stop
               dced_binding_create
               dced_binding_from_rpc_binding

   Commands: dced
             the secval object of dcecp

   Books: OSF DCE Application Development Guide.

4  –  dced_secval_stop

 NAME

   dced_secval_stop - Stops the security validation service of
                      a specific host's dced

 SYNOPSIS

   #include <dce/dced.h>

   void dced_secval_stop( dced_binding_handle_t  dced_bh,
                          error_status_t         *status );

 PARAMETERS

   Input

   dced_bh
       Specifies the dced binding handle for the secval service on
       a specific host.

   Output

   status
       Returns the status code from this routine.  This status code
       indicates whether the routine completed successfully or, if
       not, why not.  The possible status codes are:

            error_status_ok
            dced_s_bad_binding
            dced_s_sv_not_enabled
            sec_acl_invalid_permission

 DESCRIPTION

   The dced_secval_stop() routine stops the security validation service
   (secval) of a specific host's dced.  This routine is typically used
   by managment applications.

   The secval service is commonly started by default when dced starts.
   The main use of dced_secval_stop() and dced_secval_start() is to
   force a refresh of the host principal credentials.  This is the only
   way to force certain registry changes made by the host principal
   (such as groupset membership) to be seen by processes running on the
   host.

   You can easily stop and then start the secval service with the
   following operations:

        dcecp -c secval deactivate
        dcecp -c secval activate

   It is not a good idea to remove the machine principal self
   credentials for an extended period of time because processes
   running as self will fail in their attempts to perform
   authenticated operations.

 RELATED INFORMATION

   Routines:   dced_secval_start
               dced_binding_create
               dced_binding_from_rpc_binding

   Commands: dced
             The secval object of dcecp

   Books: OSF DCE Application Development Guide.
Close Help