Content deleted Content added
No edit summary |
m Marked up reference to Kerberos to point to Wikipedia's page about it |
||
Line 1:
The '''Distributed Computing Environment (DCE)''' is a software system developed in the early 1990s by a consortium that included [[Apollo Computer]] (later part of [[Hewlett-Packard]]), [[IBM]], [[Digital Equipment Corporation]], and others. The DCE supplies a framework and toolkit for developing client/server applications. The framework includes a [[remote procedure call]] (RPC) mechanism, a naming (directory) service, an authentication service, and a distributed file system (DFS). DCE RPC was derived from an earlier RPC system called the Network Computing System (NCS) created at Apollo Computer. The naming service was derived from work done at DEC. DCE DFS was based on the [[Andrew file system]] (AFS), originally developed at [[Carnegie-Mellon University]], and later extended by Transarc Corporation (which was later merged into IBM). DCE 1.2.2 was released on 12th January 2005 under a Free Software License (the LGPL) by The Open Group. DCE 1.1 was available much earlier under the OSF BSD license, and resulted in FreeDCE (freedce.sf.net) being available since 2000. FreeDCE contains an implementation of DCOM.
To understand why DCE is useful, one must look at its closest competitor - [[Kerberos (protocol)|Kerberos]]. Like DCE, Kerberos is a distributed computing application. It provides an authentication system for a network of machines - much like Sun's [[Network Information Service]] or [[LDAP]]. Kerberos is an authentication system only - it can identify the entity requesting resources to the server, but it cannot do authorization. That has to be implemented at each individual server. If for example, in a system that uses Kerberos authentication, a user A authenticates himself and requests resource R on machine M1, then M1 has to be set up to authorize A to access R on M1. If R is a shared resource thats available on machine M2 also, then M2 has to explicitly authorize A to access resource R. Kerberos does not provide a way to allow one to share authorization settings across its ___domain. DCE can. It does this by supporting Access Control Lists (ACLs).
There are three major components of DCE : (1) the security server (which is responsible for authentication) (2) The Cell Directory Server (CDS) (which is the respository of resources and ACLs) and (3) The Distributed Time Server which provides an accurate clock for proper functioning of the entire cell. Modern DCE implementations such as [[IBM]]'s are fully capable of interoperating with Kerberos as the security server, LDAP for the CDS and the Network Time Protocol implementations for the time server.
| |||