Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group


sec_rgy_acct_add-Adds an account for a login name


#include <dce/acct.h>

void sec_rgy_acct_add(
    sec_rgy_handle_t context,
    sec_rgy_login_name_t *login_name,
    sec_rgy_acct_key_t *key_parts,
    sec_rgy_acct_user_t *user_part,
    sec_rgy_acct_admin_t *admin_part,
    sec_passwd_rec_t *caller_key,
    sec_passwd_rec_t *new_key,
    sec_passwd_type_t new_keytype,
    sec_passwd_version_t *new_key_version,
    error_status_t *status);




An opaque handle bound to a registry server. Use sec_rgy_site_open() to acquire a bound handle.


A pointer to the account login name. A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding to the account. All three names must be completely specified.


A pointer to the minimum abbreviation allowed when logging in to the account. Abbreviations are not currently implemented and the only legal value is sec_rgy_acct_key_person.


A pointer to the sec_rgy_acct_user_t structure containing the user part of the account data. This represents such information as the account password, home directory, and default shell.


A pointer to the sec_rgy_acct_admin_t structure containing the administrative part of an account's data. This information includes the account creation and expiration dates and flags describing limits to the use of privilege attribute certificates, among other information.


A key to use to encrypt new_key for transmission to the registry server.


The password for the new account. During transmission to the registry server, it is encrypted with caller_key.


The type of the new key. The server uses this parameter to decide how to encode new_key if it is sent as plain text.



The key version number returned by the server. If the client requests a particular key version number (via the version_number field of the new_key input parameter), the server returns the requested version number back to the client.


A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.


The sec_rgy_acct_add() routine adds an account with the specified login name. The login name is given in three parts, corresponding to the principal, group, and organization names for the account.

The key_parts variable specifies the minimum login abbreviation for the account. If the requested abbreviation duplicates an existing abbreviation for another account, the routine supplies the next shortest unique abbreviation and returns this abbreviation in key_parts. Abbreviations are not currently implemented.

Permissions Required
The sec_rgy_acct_add() routine requires the following permissions on the account (principal) that is to be added:


The constituent principal, group, and organization (PGO) items for an account must be added before the account can be created. (See the sec_rgy_pgo_add() routine). Also, the principal must have been added as a member of the specified group and organization. (See the sec_rgy_pgo_add_member() routine).


The idl file from which dce/acct.h was derived.



The call was successful.


The client program is not authorized to add an account to the registry.


The indicated principal is not a member of the indicated group.


The indicated principal is not a member of the indicated organization.


The indicated principal is not a member of the indicated group or organization.

sec_rgy_object exists

The account to be added already exists.


The DCE Registry Server is unavailable.


Functions: sec_rgy_acct_delete(), sec_rgy_login_get_info(), sec_rgy_pgo_add(), sec_rgy_pgo_add_member(), sec_rgy_site_open().
Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index