NAME

sec_key_mgmt_change_key-Change ("write") a principal's key in local key storage and in RS datastore.

SYNOPSIS

#include <dce/keymgmt.h>

void sec_key_mgmt_change_key(
    sec_key_mgmt_authn_service authn_service,
    void *get_key_fn_arg,
    idl_char *principal_name,
    unsigned32 key_vno,
    void *keydata,
    sec_timeval_period_t *garbage_collect_time,
    error_status_t *status);

PARAMETERS

Input

authn_service

Identifies the authentication service appropriate for this key.

get_key_fn_arg

Key acquisition routine argument (see <dce/keymgmt.h>).

principal_name

Name of the principal whose key is to be changed.

key_vno

Version number of the new key.

keydata

The supplied key data (see <dce/keymgmt.h>).

Output

garbage_collect_time

Number of seconds (from "now"), by which time all currently usable tickets (which are protected with the current or previous keys) will have expired (and can therefore be "garbage collected" by the application).

status

The completion status.

DESCRIPTION

The sec_key_mgmt_change_key() routine performs all activities necessary to update a principal's key, both locally and remotely (that is, in local key storage and in the RS datastore), to the specified value. Old keys for the principal are also garbage collected, if appropriate. For more discussion, see Key Management Facility .

If key_vno is specified as 0 (zero), an appropriate non-zero key version number will be selected in an implementation-defined manner.

Any error (that is, status != error_status_ok) will leave the key state unchanged.

ERRORS

sec_key_mgmt_e_key_unavailable, sec_key_mgmt_e_authn_invalid, sec_key_mgmt_e_auth_unavailable, sec_key_mgmt_e_unauthorized, sec_key_mgmt_e_key_unsupported, sec_key_mgmt_e_key_version_ex, sec_rgy_server_unavailable, sec_rgy_object_not_found, sec_login_s_no_memory, error_status_ok.

SEE ALSO

Functions: sec_key_mgmt_generate_key(), sec_key_mgmt_set_key().

Protocols: rs_acct_replace().