The Compaq X.500 Directory Service supports a subset of the Simplified
Access Control scheme from the 1993 edition of the standard. This allows
administrators to define policies that control access rights (such as read,
browse, modify, remove) to entries and individual attributes within a
particular part of the directory (naming context).
The Compaq X.500 Directory Service authenticates users by name and
password. Access can also be restricted by network address and for chained
operations. X.500 V4.0 on Tru64 UNIX has been certified with the Entrust V5.0
security product.
Authentication
A user is authenticated by a distinguished name and password.
Access control
Certain objects in the directory can have a prescriptive ACI
(Access Control Information) attribute. Any subordinate object is protected by
whatever prescriptive ACI protects the relevant branch of the Directory
Information Tree. A prescriptive ACI, together with the distinguished name of
an authenticated user, can grant these kinds of access:
- Read
- Compare
- Browse
- Add
- Modify
- Remove
- Filter Match
- Rename
- Return DN
- Disclose on Error
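The inheritance rule above can be modelled in a few lines. This is an added example, not Compaq code or the product's algorithm. It assumes that the nearest entry at or above the target that carries prescriptive ACI governs it, and that access is denied when nothing applies; the class, function names and DNs are constructed.

```python
# Simplified model of prescriptive ACI inheritance (constructed, not product code).
PERMISSIONS = frozenset({
    "Read", "Compare", "Browse", "Add", "Modify", "Remove",
    "Filter Match", "Rename", "Return DN", "Disclose on Error",
})

def parse_dn(dn):
    """Return the DN as a root-first tuple of lower-cased RDNs.
    Naive split: escaped commas inside values are not handled."""
    return tuple(reversed([r.strip().lower() for r in dn.split(",") if r.strip()]))

class AciModel:
    def __init__(self):
        self._aci = {}  # entry DN (tuple) -> {user DN (tuple): permissions}

    def set_prescriptive_aci(self, entry_dn, grants):
        table = {}
        for user_dn, perms in grants.items():
            unknown = set(perms) - PERMISSIONS
            if unknown:
                raise ValueError(f"unknown permission(s): {sorted(unknown)}")
            table[parse_dn(user_dn)] = frozenset(perms)
        self._aci[parse_dn(entry_dn)] = table

    def governing_entry(self, target_dn):
        """Nearest entry at or above target_dn that carries prescriptive ACI."""
        path = parse_dn(target_dn)
        for depth in range(len(path), 0, -1):
            if path[:depth] in self._aci:
                return path[:depth]
        return None

    def is_allowed(self, user_dn, permission, target_dn):
        if permission not in PERMISSIONS:
            raise ValueError(f"unknown permission: {permission}")
        branch = self.governing_entry(target_dn)
        if branch is None or user_dn is None:
            return False  # model assumption: nothing applicable means deny
        return permission in self._aci[branch].get(parse_dn(user_dn), frozenset())

ADMIN = "cn=Admin, o=Example, c=US"             # constructed sample DNs
CLERK = "cn=Clerk, ou=Sales, o=Example, c=US"

def build_sample():
    model = AciModel()
    model.set_prescriptive_aci("o=Example, c=US",
                               {ADMIN: PERMISSIONS, CLERK: {"Read", "Browse"}})
    model.set_prescriptive_aci("ou=Sales, o=Example, c=US",
                               {CLERK: {"Read", "Browse", "Modify"}})
    return model
```

In this model the ACI on the Sales branch replaces the organization-level ACI for everything beneath it, so the administrator loses access there unless listed again; that is the kind of gap worth checking when reviewing a policy.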
Trust relationships
You can use NCL to set up a trust relationship between two
DSAs.