Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

NAME

sec_rgy_acct_replace_all-Replaces all account data for an account

SYNOPSIS

#include <dce/acct.h>

void sec_rgy_acct_replace_all(
    sec_rgy_handle_t context,
    sec_rgy_login_name_t *login_name,
    sec_rgy_acct_key_t *key_parts,
    sec_rgy_acct_user_t *user_part,
    sec_rgy_acct_admin_t *admin_part,
    boolean32 set_password,
    sec_passwd_rec_t *caller_key,
    sec_passwd_rec_t *new_key,
    sec_passwd_type_t new_keytype,
    sec_passwd_version_t *new_key_version,
    error_status_t *status);

PARAMETERS

Input

context

An opaque handle bound to a registry server. Use sec_rgy_site_open() to acquire a bound handle.

login_name

A pointer to the account login name. A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding to the account. For the group and organization names, blank strings can serve as wildcards, matching any entry. The principal name must be input.

user_part

A pointer to the sec_rgy_acct_user_t structure containing the user part of the account data. This represents such information as the account password, home directory, and default shell, all of which are accessible to, and may be modified by, the account owner.

admin_part

A pointer to the sec_rgy_acct_admin_t structure containing the administrative part of an account's data. This information includes the account creation and expiration dates and flags describing limits to the use of privilege attribute certificates, among other information, and can be modified only by an administrator.

set_passwd

The password reset flag. If you set this parameter to TRUE, the account's password will be changed to the value specified in new_key.

caller_key

A key to use to encrypt the key for transmission to the registry server. If communications secure to the rpc_c_authn_level_pkt_privacy level are available on a system, then this parameter is not necessary, and the packet encryption is sufficient to ensure security.

new_key

The password for the new account. During transmission to the registry server, it is encrypted with caller_key.

new_keytype

The type of the new key. The server uses this parameter to decide how to encode the plaintext key.

Input/Output

key_parts

A pointer to the minimum abbreviation allowed when logging in to the account. Abbreviations are not currently implemented and the only legal value is sec_rgy_acct_key_person.

Output

new_key_version

The key version number returned by the server. If the client requests a particular key version number (via the version_number field of the new_key input parameter), the server returns the requested version number back to the client.

status

A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.

DESCRIPTION

The sec_rgy_acct_replace_all() routine replaces both the user and administrative information in the account record specified by the input login name. The administrative information contains limitations on the account's use and privileges. The user information contains such information as the account home directory and default shell. Typically, the administrative information can only be modified by a registry administrator (users with auth_info (a) privileges for an account), while the user information can be modified by the account owner (users with user_info (u) privileges for an account).

Use the set_passwd parameter to reset the account password. If you set this parameter to TRUE, the account's password is changed to the value specified in new_key.

The key_parts variable identifies how many of the login_name parts to use as the unique abbreviation for the replaced account. If the requested abbreviation duplicates an existing abbreviation for another account, the routine identifies the next shortest unique abbreviation and returns this abbreviation using key_parts.

Permissions Required
The sec_rgy_acct_replace_all() routine requires the following permissions on the account principal:

NOTES

All users need the w (write) privilege to modify any account information.

FILES

/usr/include/dce/acct.idl

The idl file from which dce/acct.h was derived.

ERRORS

error_status_ok

The call was successful.

sec_rgy_not_authorized

The client program is not authorized to change account information.

sec_rgy_object_not_found

The specified account could not be found.

sec_rgy_server_unavailable

The DCE Registry Server is unavailable.

SEE ALSO

Functions: sec_rgy_acct_add(), sec_rgy_acct_admin_replace(), sec_rgy_acct_rename(), sec_rgy_acct_user_replace().
Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index