sec_key_mgmt_manage_key - Automatically change a principal's key on a periodic basis.
#include <dce/keymgmt.h>
void sec_key_mgmt_manage_key(
sec_key_mgmt_authn_service authn_service,
void *get_key_fn_arg,
idl_char *principal_name,
error_status_t *status);
Input
- authn_service
Identifies the authentication service appropriate for this key.
- get_key_fn_arg
Key acquisition routine argument (see <dce/keymgmt.h>).
- principal_name
Name of the principal whose key is to be managed.
Output
- status
The completion status.
The sec_key_mgmt_manage_key() routine changes (both locally and remotely) the specified principal's key on a periodic basis, as determined by the local cell's policy. It runs indefinitely, never returning during normal operation, and therefore should be invoked only from a dedicated "key management thread".

Conceptually, this routine operates as follows (this description imposes no requirements on implementations). First it queries the login context to determine the password expiration date that applies to the named principal. It then idles until a "short time" (implementation-dependent) before the current key is due to expire, and then calls sec_key_mgmt_gen_rand_key() (or similar functionality), thereby changing both the local key store and the RS datastore to a new random key. This routine may also call sec_key_mgmt_garbage_collect() (or similar functionality) as needed to discard unusable keys from the local key store.
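The following is an added, self-contained C model of the loop just described; it is not DCE code and does not link against <dce/keymgmt.h>. The gen_rand_key() and garbage_collect() helpers stand in for sec_key_mgmt_gen_rand_key() and sec_key_mgmt_garbage_collect(), and the policy constants, key store layout and time values are constructed assumptions. The point it makes concrete is that the previous key version is kept until its own lifetime has passed and is only then discarded.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed policy values; in DCE these come from the cell's registry policy. */
#define KEY_LIFETIME_SECS 3600   /* how long a key version remains valid */
#define ROTATE_LEAD_SECS  60     /* the "short time" before expiry at which to rotate */
#define MAX_KEY_VERSIONS  8
#define KEY_BYTES         8

typedef struct {
    uint32_t version;
    unsigned char key[KEY_BYTES];
    int64_t expires;             /* absolute time (s) after which this version is unusable */
} key_version;

typedef struct { key_version v[MAX_KEY_VERSIONS]; int count; uint32_t next_version; } key_store;

/* Stand-in for sec_key_mgmt_gen_rand_key(): install a fresh key version as the current key
 * (the real routine also updates the registry copy). rand() is only a placeholder here;
 * it is not a suitable key generator. */
int gen_rand_key(key_store *ks, int64_t now) {
    if (ks->count == MAX_KEY_VERSIONS) return -1;
    key_version *kv = &ks->v[ks->count++];
    kv->version = ks->next_version++;
    for (int i = 0; i < KEY_BYTES; i++) kv->key[i] = (unsigned char)(rand() & 0xff);
    kv->expires = now + KEY_LIFETIME_SECS;
    return 0;
}

/* Stand-in for sec_key_mgmt_garbage_collect(): drop versions whose lifetime has passed,
 * never the newest one. Returns the number of versions removed. */
int garbage_collect(key_store *ks, int64_t now) {
    int kept = 0, removed = 0;
    for (int i = 0; i < ks->count; i++) {
        int newest = (i == ks->count - 1);
        if (!newest && ks->v[i].expires <= now) { removed++; continue; }
        ks->v[kept++] = ks->v[i];
    }
    ks->count = kept;
    return removed;
}

void key_store_init(key_store *ks, int64_t now) {
    memset(ks, 0, sizeof *ks);
    ks->next_version = 1;
    gen_rand_key(ks, now);
}

/* One pass of the manage loop: idle until shortly before the current key expires,
 * then rotate and collect. Returns seconds to idle, or 0 when a rotation was performed. */
int64_t manage_key_step(key_store *ks, int64_t now) {
    int64_t due = ks->v[ks->count - 1].expires - ROTATE_LEAD_SECS;
    if (now < due) return due - now;
    gen_rand_key(ks, now);
    garbage_collect(ks, now);
    return 0;
}

int current_version(const key_store *ks) { return (int)ks->v[ks->count - 1].version; }
```

A real key management thread would sleep for the returned interval and call the step again, forever.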
Errors
error_status_ok, sec_rgy_object_not_found, sec_key_mgmt_e_authn_invalid, sec_key_mgmt_e_key_unavailable, sec_key_mgmt_e_key_unsupported, sec_key_mgmt_e_unauthorized, sec_rgy_server_unavailable.
Functions: sec_key_mgmt_change_key(), sec_key_mgmt_gen_rand_key(), sec_key_mgmt_garbage_collect().