An access token is an object that describes the security context of a process or thread. The information in a token includes the identity and privileges of the user account associated with the process or thread. When a user logs on, the system verifies the user's password by comparing it with information stored in a security database. If the password is authenticated, the system produces an access token. Every process executed on behalf of this user has a copy of this access token.
The system uses an access token to identify the user when a thread interacts with a securable object or tries to perform a system task that requires privileges. Access tokens contain the following information:
Security context: The security attributes or rules that are currently in effect. For example, the current user logged on to the computer or the personal identification number entered by the smart card user. For SSPI, a security context is an opaque data structure that contains security data relevant to a connection, such as a session key or an indication of the duration of the session.
Security descriptor: A structure and associated data that contains the security information for a securable object. A security descriptor identifies the object's owner and primary group. It can also contain a DACL that controls access to the object, and a SACL that controls the logging of attempts to access the object.
See also absolute security descriptor, discretionary access control list, self-relative security descriptor, system access control list.
Security identifier (SID): A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.
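The variable-length layout of a SID, shown as an added example that is not part of the original page: a Python decoder and encoder for the binary form found in tokens, security descriptors and directory attributes. The function names are hypothetical, the two short samples are well-known SIDs, and the domain account SID is constructed.

```python
import struct

MAX_SUB_AUTHORITIES = 15  # SID_MAX_SUB_AUTHORITIES in the Windows SDK headers

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID into its S-R-I-S... string form."""
    if len(raw) < 8:
        raise ValueError("shorter than the fixed 8-byte SID header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported revision {revision}")
    if count > MAX_SUB_AUTHORITIES:
        raise ValueError(f"sub-authority count {count} is out of range")
    # The count byte alone decides the total length: this is what makes a SID variable-length.
    if len(raw) != 8 + 4 * count:
        raise ValueError("length disagrees with the declared sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit identifier authority, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit sub-authorities, little-endian
    # Authorities that do not fit in 32 bits are written in hex.
    auth = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join(["S", str(revision), auth, *map(str, subs)])

def string_to_sid(text: str) -> bytes:
    """Encode an S-R-I-S... string back into the binary layout."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2], 0)  # base 0 accepts 0x...
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > MAX_SUB_AUTHORITIES:
        raise ValueError("unsupported revision or too many sub-authorities")
    if authority >= 2**48 or any(not 0 <= s < 2**32 for s in subs):
        raise ValueError("field out of range")
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

# Constructed samples: two well-known SIDs and one made-up domain account.
SAMPLES = {
    "010100000000000512000000": "S-1-5-18",              # Local System
    "01020000000000052000000020020000": "S-1-5-32-544",  # BUILTIN\Administrators
}
DOMAIN_ACCOUNT = "S-1-5-21-1111111111-2222222222-3333333333-500"  # constructed

if __name__ == "__main__":
    for hexed, expected in SAMPLES.items():
        print(hexed, "->", sid_to_string(bytes.fromhex(hexed)), "expected", expected)
    blob = string_to_sid(DOMAIN_ACCOUNT)
    print(len(blob), "bytes:", blob.hex())
```

The length check matters when SIDs are read out of untrusted buffers: a declared sub-authority count that disagrees with the buffer size is rejected instead of being read past.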
Original article: http://www.cnblogs.com/debug-me/p/6892201.html