PreviousNext

Creating and Maintaining Accounts

The login-name field of an account contains a principal name, a primary group name, and an organization name. The account may also contain a project list (also known as a concurrent group set) that specifies all the groups to which the principal corresponding to the account belongs, but the login-name field itself specifies only one group name.

An account can be added to the registry database only when all of its constituent PGO items are established. For instance, to create an account with the principal name tom, the group name writers, and the organization name rd, all three names must exist as individual PGO items in the database; and the writers group and the rd organization must specify that tom is a member.

When an account is created with sec_rgy_acct_add( ) (and if a project list is enabled for the new account), the call scans the groups in the registry and creates a project list containing all the groups in which the principal name appears. Subsequently, the project list may be modified with the sec_rgy_pgo_add_member( ) and sec_rgy_pgo_delete_member( ) calls.

The following calls create and maintain accounts:

· sec_rgy_acct_add( )

Adds an account to an existing principal item

· sec_rgy_acct_delete( )

Deletes an account, leaving the principal item

· sec_rgy_acct_rename( )

Changes an account login name, perhaps moving the account to a different principal item

The following calls return the information in an account:

· sec_rgy_acct_get_projlist( )

Returns the project list for an account

· sec_rgy_acct_lookup( )

Returns all the account data

The following calls modify the information in an account:

· sec_rgy_acct_passwd( )

Changes an account password

· sec_rgy_acct_replace_all( )

Replaces all of an account's data

· sec_rgy_acct_admin_replace( )

Replaces only the administrative account data

· sec_rgy_acct_user_replace( )

Replaces only the account data that is accessible to the user of the account