Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

NAME

sec_rgy_acct_add-Adds an account for a login name

SYNOPSIS

#include <dce/acct.h>

void sec_rgy_acct_add(
    sec_rgy_handle_t context,
    sec_rgy_login_name_t *login_name,
    sec_rgy_acct_key_t *key_parts,
    sec_rgy_acct_user_t *user_part,
    sec_rgy_acct_admin_t *admin_part,
    sec_passwd_rec_t *caller_key,
    sec_passwd_rec_t *new_key,
    sec_passwd_type_t new_keytype,
    sec_passwd_version_t *new_key_version,
    error_status_t *status);

PARAMETERS

Input

context

An opaque handle bound to a registry server. Use sec_rgy_site_open() to acquire a bound handle.

login_name

A pointer to the account login name. A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding to the account. All three names must be completely specified.

key_parts

A pointer to the minimum abbreviation allowed when logging in to the account. Abbreviations are not currently implemented and the only legal value is sec_rgy_acct_key_person.

user_part

A pointer to the sec_rgy_acct_user_t structure containing the user part of the account data. This represents such information as the account password, home directory, and default shell.

admin_part

A pointer to the sec_rgy_acct_admin_t structure containing the administrative part of an account's data. This information includes the account creation and expiration dates and flags describing limits to the use of privilege attribute certificates, among other information.

caller_key

A key to use to encrypt new_key for transmission to the registry server.

new_key

The password for the new account. During transmission to the registry server, it is encrypted with caller_key.

new_keytype

The type of the new key. The server uses this parameter to decide how to encode new_key if it is sent as plain text.

Output

new_key_version

The key version number returned by the server. If the client requests a particular key version number (via the version_number field of the new_key input parameter), the server returns the requested version number back to the client.

status

A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.

DESCRIPTION

The sec_rgy_acct_add() routine adds an account with the specified login name. The login name is given in three parts, corresponding to the principal, group, and organization names for the account.

The key_parts variable specifies the minimum login abbreviation for the account. If the requested abbreviation duplicates an existing abbreviation for another account, the routine supplies the next shortest unique abbreviation and returns this abbreviation in key_parts. Abbreviations are not currently implemented.

Permissions Required
The sec_rgy_acct_add() routine requires the following permissions on the account (principal) that is to be added:

NOTES

The constituent principal, group, and organization (PGO) items for an account must be added before the account can be created. (See the sec_rgy_pgo_add() routine). Also, the principal must have been added as a member of the specified group and organization. (See the sec_rgy_pgo_add_member() routine).

FILES


/usr/include/dce/acct.idl
The idl file from which dce/acct.h was derived.

ERRORS

error_status_ok

The call was successful.

sec_rgy_not_authorized

The client program is not authorized to add an account to the registry.

sec_rgy_not_member_group

The indicated principal is not a member of the indicated group.

sec_rgy_not_member_org

The indicated principal is not a member of the indicated organization.

sec_rgy_not_member_group_org

The indicated principal is not a member of the indicated group or organization.

sec_rgy_object exists

The account to be added already exists.

sec_rgy_server_unavailable

The DCE Registry Server is unavailable.

SEE ALSO

Functions: sec_rgy_acct_delete(), sec_rgy_login_get_info(), sec_rgy_pgo_add(), sec_rgy_pgo_add_member(), sec_rgy_site_open().
Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index