The GSS provides an alternate way of providing DCE security to distributed applications that handle network communications by themselves. With GSSAPI, you can include established applications in DCE and ensure the security and integrity of the applications and their data. In peer-to-peer communications, the application that establishes the secure connection is the context initiator or simply initiator. The context initiator is like a DCE RPC client. The application that accepts the secure connection is the context acceptor or simply acceptor. The context acceptor is like a DCE RPC server.
The GSS available with DCE includes two sets of routines:
· Standard GSSAPI routines, which are defined in the Internet RFC 1509 "Generic Security Service API: C-bindings.'' These routines have the prefix gss_.
· OSF DCE extensions to the GSSAPI routines. These are additional routines that enable an application to use DCE security services. These routines have the prefix gssdce_.
The topics that follow provide information about how the GSSAPI routines use the authentication and authorization protocols. GSSAPI Credentials provides information about GSS credentials, which are used to establish an application's identity in DCE.