DACS DACS - The Distributed Access Control System

DACS Features and Benefits

Why should you use DACS? Sure, it is a fully supported, open source product with many nifty features, but why should you install it, or at least try it? The answer partly depends on whether you are running one web site, working with two or more web sites, or are a software developer, but we believe that if you get to know it a little and compare it to the alternatives, you will be impressed with DACS!

DACS is not a system designed around the latest technological fads or driven by some industry consortium's business goals. We have developed versatile solutions based on solid, secure core technologies that address many of the authentication and authorization problems of real organizations and system administrators. It is a practical system.

Here are some of the main features and benefits of DACS.

Light-Weight Single Sign-On

DACS gives you an out-of-the-box single sign-on solution with attendant benefits to users and system administrators:

DACS has been carefully designed to have no single point of failure, making it resilient against hardware, software, and communication failures. This means that DACS does not rely on any central computer or server, so that if any component of the system fails or becomes inaccessible, the rest of the system will continue to operate normally. Not all similar systems share this important property! By configuring redundancy into your DACS configuration, your federation can be very tolerant of failures and can continue to operate as normally as possible while servers are brought down for maintenance, etc.

Leveraged User Authentication

DACS supplies a coherent, modular, extensible authentication framework that lets you leverage your existing authentication systems and account management policies, or easily introduce new ones. The most widely-used Apache authentication methods are available and Apache password files can be used by DACS.

DACS can authenticate a user based on:

These authentication methods can be combined and selected in various ways at authentication time.

DACS has been deployed in environments with thousands of user accounts.

Powerful Access Control

Expressive access control rules let you decide who can access your web site's resources:


DACS has a comprehensive feature set. Here is just a partial list:

Please refer to the FAQ for additional details. A summary of major features available in the latest release and planned for upcoming releases is also available.

Controlled Sharing

One of the primary benefits of DACS is that it fosters "controlled sharing". As the need for distributed sharing of resources, remote access, and communication and collaboration over the web grows, so does the need to carefully manage user authentication and authorization. Without the right security tools, these kinds of potentially powerful applications simply cannot be trusted. DACS enables controlled sharing efficiently, economically, and securely.

Tools for Developers

As a developer, you can use DACS as a toolbox for creating customizations and other single sign-on systems and web portals. Access to DACS core technologies is provided through web services and command-line utilities.

Whether you are writing web services, middleware, or any network-based application, you can apply the DACS authentication framework and rule processing engine from the command line or by calling a DACS web service.

The DACS rule processing engine can be used by any program, not only for making access control decisions, but for a wide variety of selection or condition-testing purposes. It has been used as the core technology by document transformation software (dacstransform(1) and dacs_transform(8)) and a command scheduling application (dacssched(1)).

Many of the utilities are not web-based, although they can be used by CGI programs and other web services:

To get a better understanding of what DACS can do and how it works, please take a look at the tips and examples.

If you have any questions about what DACS can and cannot do, please contact us.

$Id: $