sec_rgy_acct_replace_all-Replaces all account data for an account
#include <dce/acct.h>
void sec_rgy_acct_replace_all(
sec_rgy_handle_t context,
sec_rgy_login_name_t *login_name,
sec_rgy_acct_key_t *key_parts,
sec_rgy_acct_user_t *user_part,
sec_rgy_acct_admin_t *admin_part,
boolean32 set_password,
sec_passwd_rec_t *caller_key,
sec_passwd_rec_t *new_key,
sec_passwd_type_t new_keytype,
sec_passwd_version_t *new_key_version,
error_status_t *status);
Input
- context
An opaque handle bound to a registry server. Use sec_rgy_site_open() to acquire a bound handle.
- login_name
A pointer to the account login name. A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding to the account. For the group and organization names, blank strings can serve as wildcards, matching any entry. The principal name must be input.
- user_part
A pointer to the sec_rgy_acct_user_t structure containing the user part of the account data. This represents such information as the account password, home directory, and default shell, all of which are accessible to, and may be modified by, the account owner.
- admin_part
A pointer to the sec_rgy_acct_admin_t structure containing the administrative part of an account's data. This information includes the account creation and expiration dates and flags describing limits to the use of privilege attribute certificates, among other information, and can be modified only by an administrator.
- set_passwd
The password reset flag. If you set this parameter to TRUE, the account's password will be changed to the value specified in new_key.
- caller_key
A key to use to encrypt the key for transmission to the registry server. If communications secure to the rpc_c_authn_level_pkt_privacy level are available on a system, then this parameter is not necessary, and the packet encryption is sufficient to ensure security.
- new_key
The password for the new account. During transmission to the registry server, it is encrypted with caller_key.
- new_keytype
The type of the new key. The server uses this parameter to decide how to encode the plaintext key.
Input/Output
- key_parts
A pointer to the minimum abbreviation allowed when logging in to the account. Abbreviations are not currently implemented and the only legal value is sec_rgy_acct_key_person.
Output
- new_key_version
The key version number returned by the server. If the client requests a particular key version number (via the version_number field of the new_key input parameter), the server returns the requested version number back to the client.
- status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.
The sec_rgy_acct_replace_all() routine replaces both the user and administrative information in the account record specified by the input login name. The administrative information contains limitations on the account's use and privileges. The user information contains such information as the account home directory and default shell. Typically, the administrative information can only be modified by a registry administrator (users with auth_info (a) privileges for an account), while the user information can be modified by the account owner (users with user_info (u) privileges for an account).Use the set_passwd parameter to reset the account password. If you set this parameter to TRUE, the account's password is changed to the value specified in new_key.
The key_parts variable identifies how many of the login_name parts to use as the unique abbreviation for the replaced account. If the requested abbreviation duplicates an existing abbreviation for another account, the routine identifies the next shortest unique abbreviation and returns this abbreviation using key_parts.
Permissions Required
The sec_rgy_acct_replace_all() routine requires the following permissions on the account principal:
- The m (mgmt_info) permission, if flags or expiration_date is to be changed.
- The a (auth_info) permission, if authentication_flags or good_since_date is to be changed.
- The u (user_info) permission, if user flags, gecos, homedir (home directory), shell, or passwd (password) are to be changed.
All users need the w (write) privilege to modify any account information.
- /usr/include/dce/acct.idl
The idl file from which dce/acct.h was derived.
- error_status_ok
The call was successful.
- sec_rgy_not_authorized
The client program is not authorized to change account information.
- sec_rgy_object_not_found
The specified account could not be found.
- sec_rgy_server_unavailable
The DCE Registry Server is unavailable.
Functions:sec_rgy_acct_add() ,sec_rgy_acct_admin_replace() ,sec_rgy_acct_rename() ,sec_rgy_acct_user_replace() .
| Contents | Next section | Index |