DCE_SECURITY, API Routines, sec_rgy_acct_add
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
VMS Help DCE_SECURITY, API Routines, sec_rgy_acct_add *Conan The Librarian (sorry for the slow response - running on an old VAX) |
|
NAME
sec_rgy_acct_add - Adds an account for a login name
SYNOPSIS
#include <dce/acct.h>
void sec_rgy_acct_add(
sec_rgy_handle_t context,
sec_rgy_login_name_t *login_name,
sec_rgy_acct_key_t *key_parts,
sec_rgy_acct_user_t *user_part,
sec_rgy_acct_admin_t *admin_part,
sec_passwd_rec_t *caller_key,
sec_passwd_rec_t *new_key,
sec_passwd_type_t new_keytype,
sec_passwd_version_t *new_key_version,
error_status_t *status);
PARAMETERS
Input
context
An opaque handle bound to a registry server. Use
sec_rgy_site_open() to acquire a bound handle.
login_name
A pointer to the account login name. A login name is composed
of three character strings, containing the principal, group,
and organization (PGO) names corresponding to the account.
All three names must be completely specified.
key_parts
A pointer to the minimum abbreviation allowed when logging in
to the account. Abbreviations are not currently implemented and
the only legal value is sec_rgy_acct_key_person.
user_part
A pointer to the sec_rgy_acct_user_t structure containing the
user part of the account data. This represents such information
as the account password, home directory, and default shell.
admin_part
A pointer to the sec_rgy_acct_admin_t structure containing the
administrative part of an account's data. This information
includes the account creation and expiration dates and flags
describing limits to the use of privilege attribute certificates,
among other information.
caller_key
A key to use to encrypt new_key for transmission to the registry
server.
new_key
The password for the new account. During transmission to the
registry server, it is encrypted with caller_key.
new_keytype
The type of the new key. The server uses this parameter to decide
how to encode new_key if it is sent as plaintext.
Output
new_key_version
The key version number returned by the server. If the client
requests a particular key version number (via the version_number
field of the new_key input parameter), the server returns the
requested version number back to the client.
status
A pointer to the completion status. On successful completion,
the routine returns error_status_ok. Otherwise, it returns an
error.
DESCRIPTION
The sec_rgy_acct_add() routine adds an account with the specified
login name. The login name is given in three parts, corresponding to
the principal, group, and organization names for the account.
The key_parts variable specifies the minimum login abbreviation for
the account. If the requested abbreviation duplicates an existing
abbreviation for another account, the routine supplies the next
shortest unique abbreviation and returns this abbreviation in
key_parts. Abbreviations are not currently implemented.
Permissions Required
The sec_rgy_acct_add() routine requires the following permissions on the
account (principal) that is to be added:
+ The m (mgmt_info) permission to change management information.
+ The a (auth_info) permission to change authentication information.
+ The u (user_info) permission to change user information.
NOTES
The constituent principal, group, and organization (PGO) items for
an account must be added before the account can be created. (See the
sec_rgy_pgo_add() routine). Also, the principal must have been added
as a member of the specified group and organization. (See the
sec_rgy_pgo_add_member() routine).
FILES
SYS$COMMON:[DCE$LIBRARY]ACCT.IDL
The idl file from which dce/acct.h was derived.
ERRORS
sec_rgy_not_authorized
The client program is not authorized to add an account
to the registry.
sec_rgy_not_member_group
The indicated principal is not a member of the indicated
group.
sec_rgy_not_member_org
The indicated principal is not a member of the indicated
organization.
sec_rgy_not_member_group_org
The indicated principal is not a member of the indicated
group or organization.
sec_rgy_object exists
The account to be added already exists.
sec_rgy_server_unavailable
The DCE Registry Server is unavailable.
error_status_ok
The call was successful.
RELATED INFORMATION
Functions: sec_intro
sec_rgy_acct_delete
sec_rgy_login_get_info
sec_rgy_pgo_add
sec_rgy_pgo_add_member
sec_rgy_site_open
|
|
