DCE_SECURITY, API Routines, sec_rgy_acct_replace_all
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
VMS Help DCE_SECURITY, API Routines, sec_rgy_acct_replace_all *Conan The Librarian (sorry for the slow response - running on an old VAX) |
|
NAME
sec_rgy_acct_replace_all - Replaces all account data for an account
SYNOPSIS
#include <dce/acct.h>
void sec_rgy_acct_replace_all(
sec_rgy_handle_t context,
sec_rgy_login_name_t *login_name,
sec_rgy_acct_key_t *key_parts,
sec_rgy_acct_user_t *user_part,
sec_rgy_acct_admin_t *admin_part,
boolean32 set_password,
sec_passwd_rec_t *caller_key,
sec_passwd_rec_t *new_key,
sec_passwd_type_t new_keytype,
sec_passwd_version_t *new_key_version,
error_status_t *status);
PARAMETERS
Input
context
An opaque handle bound to a registry server. Use
sec_rgy_site_open() to acquire a bound handle.
login_name
A pointer to the account login name. A login name is composed
of three character strings, containing the principal, group,
and organization (PGO) names corresponding to the account. For
the group and organization names, blank strings can serve as
wildcards, matching any entry. The principal name must be input.
user_part
A pointer to the sec_rgy_acct_user_t structure containing the
user part of the account data. This represents such information
as the account password, home directory, and default shell, all
of which are accessible to, and may be modified by, the account
owner.
admin_part
A pointer to the sec_rgy_acct_admin_t structure containing the
administrative part of an account's data. This information
includes the account creation and expiration dates and flags
describing limits to the use of privilege attribute
certificates, among other information, and can be modified only
by an administrator.
set_passwd
The password reset flag. If you set this parameter to TRUE, the
account's password will be changed to the value specified in
new_key.
caller_key
A key to use to encrypt the key for transmission to the registry
server. If communications secure to the
rpc_c_authn_level_pkt_privacy level are available on a system,
then this parameter is not necessary, and the packet encryption
is sufficient to ensure security.
new_key
The password for the new account. During transmission to the
registry server, it is encrypted with caller_key.
new_keytype
The type of the new key. The server uses this parameter to
decide how to encode the plaintext key.
Input/Output
key_parts
A pointer to the minimum abbreviation allowed when logging in
to the account. Abbreviations are not currently implemented
and the only legal value is sec_rgy_acct_key_person.
Output
new_key_version
The key version number returned by the server. If the client
requests a particular key version number (via the version_number
field of the new_key input parameter), the server returns the
requested version number back to the client.
status
A pointer to the completion status. On successful completion,
the routine returns error_status_ok. Otherwise, it returns an
error.
DESCRIPTION
The sec_rgy_acct_replace_all() routine replaces both the user and
administrative information in the account record specified by the
input login name. The administrative information contains limitations
on the account's use and privileges. The user information contains
such information as the account home directory and default shell.
Typically, the administrative information can only be modified by a
registry administrator (users with admin_info (a) privileges for an
account), while the user information can be modified by the account
owner (users with user_info (u) privileges for an account).
Use the set_passwd parameter to reset the account password. If you set
this parameter to TRUE, the account's pasword is changed to the value
specified in new_key.
The key_parts variable identifies how many of the login_name parts to
use as the unique abbreviation for the replaced account. If the
requested abbreviation duplicates an existing abbreviation for another
account, the routine identifies the next shortest unique abbreviation
and returns this abbreviation using key_parts.
Permissions Required
The sec_rgy_acct_replace_all() routine requires the following
permissions on the account principal:
+ The m (mgmt_info) permission, if flags or expiration_date is to
be changed.
+ The a (auth_info) permission, if authentication_flags or
good_since_date is to be changed.
+ The u (user_info) permission, if user flags, gecos, homedir (home
directory), shell, or passwd (password) are to be changed.
NOTES
All users need the w (write) privilege to modify any account
information.
FILES
SYS$COMMON:[DCE$LIBRARY]ACCT.IDL
The idl file from which dce/acct.h was derived.
ERRORS
sec_rgy_not_authorized
The client program is not authorized to change account
information.
sec_rgy_object_not_found
The specified account could not be found.
sec_rgy_server_unavailable
The DCE Registry Server is unavailable.
error_status_ok
The call was successful.
RELATED INFORMATION
Functions: sec_intro
sec_rgy_acct_add
sec_rgy_acct_admin_replace
sec_rgy_acct_rename
sec_rgy_acct_user_replace
|
|
