
Validating the Security Server

The security validation service (secval) has the following major functions:

· It maintains a login context for the host's self-identity, which includes periodic changes to the host's key (password).

· It validates and certifies to applications, usually login programs, that the DCE security daemon (secd) is legitimate.

Clients (including remote clients, local servers, host logins, and administrators) all need the security validation service to make sure that the secd process being used by the host is legitimate. The security validation service establishes the link in a trust chain between applications and secd so that applications can trust the DCE security mechanism.

An application can trust its host's security validation service because they are on the same host, but an application has no way to "convince itself" that secd, presumably on another host, is genuine. However, if the application trusts another principal (in this case, the security validation service), which in turn trusts secd, then the trust chain now extends from the application to secd.

Typically, a login program accesses the security validation service when it uses the DCE Security Service's login API, described in The Login API. Administrators access the secval service by using the dcecp secval object. However, suppose you are writing a security monitoring application to watch for and respond to security attacks. After the application binds to the secval service, it can call the dced_secval_validate( ) routine to verify that the secd process is legitimate.

Applications can also use the dced_secval_start( ) and dced_secval_stop( ) routines to start and stop the security validation service on a given host.

For example, during configuration of a host, the dced program can start with or without the security validation service. Later, when security is configured, a management application can start secval by using the dced_secval_start( ) routine. As another example, suppose the security monitoring application mentioned earlier suspects an attack. The application can call dced_secval_stop( ) to stop the security validation service without stopping the entire dced. This makes the login environment more restrictive.
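
The monitoring scenario above, sketched as an added example (not code from the DCE documentation): one pass that validates secd and, under an assumed policy, stops secval when validation fails. The `HAVE_DCE` macro, the `monitor_check` name and the stub definitions are hypothetical; `dced_binding_create( )`, `dced_binding_free( )` and their constants come from the dced binding API rather than from this page.

```c
#include <stdio.h>

#ifdef HAVE_DCE                      /* hypothetical macro: build against real DCE */
#include <dce/dced.h>
#else                                /* constructed stand-ins so the logic runs offline */
typedef unsigned long error_status_t;
typedef void *dced_binding_handle_t;
#define error_status_ok 0
static int stub_secd_genuine = 1;    /* constructed: simulated validation outcome */
static int stub_secval_running = 1;  /* constructed: simulated secval state */
static void dced_secval_validate(dced_binding_handle_t h, error_status_t *st) {
    (void)h; *st = stub_secd_genuine ? error_status_ok : 1;
}
static void dced_secval_stop(dced_binding_handle_t h, error_status_t *st) {
    (void)h; stub_secval_running = 0; *st = error_status_ok;
}
#endif

enum monitor_result { SECD_VALID, SECVAL_STOPPED, STOP_FAILED };

/* One monitoring pass over a handle already bound to the host's secval service.
 * Assumed policy: any non-ok validation status counts as a suspected attack,
 * so secval is stopped (dced itself keeps running) to restrict logins. */
enum monitor_result monitor_check(dced_binding_handle_t secval_bh) {
    error_status_t st;
    dced_secval_validate(secval_bh, &st);
    if (st == error_status_ok)
        return SECD_VALID;
    fprintf(stderr, "secd validation failed, status %lu\n", (unsigned long)st);
    dced_secval_stop(secval_bh, &st);
    return st == error_status_ok ? SECVAL_STOPPED : STOP_FAILED;
}

int main(void) {
    dced_binding_handle_t bh = NULL;
#ifdef HAVE_DCE
    error_status_t st;
    dced_binding_create((dced_string_t)dced_c_service_secval,
                        dced_c_binding_syntax_default, &bh, &st);
    if (st != error_status_ok) return 2;
#endif
    enum monitor_result r = monitor_check(bh);
    printf("%s\n", r == SECD_VALID ? "secd validated" :
                   r == SECVAL_STOPPED ? "secval stopped" : "stop failed");
#ifdef HAVE_DCE
    dced_binding_free(bh, &st);
#endif
    return r == SECD_VALID ? 0 : 1;
}
```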