Distributed Computing Environment: Difference between revisions

No edit summary
Bsdlogical (talk | contribs)
m Apparent typo. [PLEASE CONFIRM]
Line 3:
To understand why DCE is useful, one must look at its closest competitor - [[Kerberos (protocol)|Kerberos]]. Like DCE, Kerberos is a distributed computing application. It provides an authentication system for a network of machines - much like Sun's [[Network Information Service]] or [[LDAP]]. Kerberos is an authentication system only - it can identify the entity requesting resources to the server, but it cannot do authorization. That has to be implemented at each individual server. For example, in a system that uses Kerberos authentication, if a user A authenticates himself and requests resource R on machine M1, then M1 has to be set up to authorize A to access R on M1. If R is a shared resource that is also available on machine M2, then M2 has to explicitly authorize A to access resource R. Kerberos does not provide a way to share authorization settings across its domain. DCE can. It does this by supporting [[Access Control List]]s (ACLs).
 
The largest unit of management in DCE is a cell. The highest privileges within a cell are assigned to a role called cell administrator. Typically this privilege is held by a DCE principal called cell_admin. Note that this need not be a real OS-level user. The cell_admin has all privileges over all DCE resources within the cell. Privileges can be awarded to or removed from the following categories: user_obj, group_obj, other_obj, any_other for any given DCE resource. The first three correspond to the owner, group member, and any other DCE principal respectively. The last group contains any non-DCE principal. Multiple cells can be configured to communicate and share resources with each other. All principals from external cells are treated as "foreign" users and privileges can be awarded / removed accordingly. In addition to this, specific users or groups can be assigned privileges on any DCE resource - something which is not possible with the traditional UNIX filesystem.
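
The following is an added illustration, not DCE source code or its API: a simplified Python model of one ACL held once for the cell and consulted by every server (such as M1 and M2) that offers resource R. The precedence order, the `("user", …)`, `("group", …)` and `("foreign", …)` entry keys, the permission letters and the cell names are assumptions made for this sketch.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Principal:
    name: str
    cell: Optional[str]               # None models a non-DCE principal
    groups: frozenset = frozenset()

@dataclass
class Acl:
    cell: str                         # cell that owns the resource
    owner: str
    group: str
    entries: dict = field(default_factory=dict)  # entry key -> permission set

def permissions(acl, p):
    """Return the permission set for principal p (precedence is an assumption)."""
    e = acl.entries
    if p.cell is None:                            # any non-DCE principal
        return e.get("any_other", set())
    if p.cell != acl.cell:                        # "foreign" principal
        return e.get(("foreign", p.cell), set())
    if p.name == acl.owner and "user_obj" in e:   # owner
        return e["user_obj"]
    if ("user", p.name) in e:                     # entry for one specific user
        return e[("user", p.name)]
    keys = [("group", g) for g in p.groups]
    if acl.group in p.groups:
        keys.append("group_obj")
    matched = [e[k] for k in keys if k in e]
    if matched:                                   # union of matching group entries
        return set().union(*matched)
    return e.get("other_obj", set())              # any other DCE principal

def authorize(cds, resource, principal, perm):
    """What a server such as M1 or M2 would ask before serving `resource`."""
    acl = cds.get(resource)
    return acl is not None and perm in permissions(acl, principal)

# Constructed sample data: one ACL for resource R, held once for the whole cell.
CDS = {"R": Acl(cell="cell1", owner="cell_admin", group="staff", entries={
    "user_obj": set("rwc"), "group_obj": set("r"), ("user", "A"): set("rw"),
    "other_obj": set(), "any_other": set(), ("foreign", "cell2"): set("r")})}

A = Principal("A", "cell1", frozenset({"staff"}))
B = Principal("B", "cell1", frozenset({"staff"}))
VISITOR = Principal("V", "cell2")
```

Because both servers call `authorize` against the same directory entry, deleting the `("user", "A")` entry once changes A's access on M1 and M2 together, which is the sharing of authorization settings that per-server configuration under Kerberos alone does not give.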
 
There are three major components of DCE within every cell: (1) the security server, which is responsible for authentication; (2) the Cell Directory Server (CDS), which is the repository of resources and ACLs; and (3) the Distributed Time Server, which provides an accurate clock for proper functioning of the entire cell. Modern DCE implementations such as IBM's are fully capable of interoperating with Kerberos as the security server, LDAP for the CDS and the [[Network Time Protocol]] implementations for the time server.