sec_key_mgmt_delete_key(3sec)
Deletes a key from the local storage
Synopsis
    #include <dce/keymgmt.h>

    void sec_key_mgmt_delete_key(
        sec_key_mgmt_authn_service authn_service,
        void *arg,
        idl_char *principal_name,
        unsigned32 key_vno,
        error_status_t *status);
Parameters
Input
    authn_service
        Identifies the authentication protocol using this key. The possible
        authentication protocols are as follows:

        rpc_c_authn_dce_secret    DCE shared-secret key authentication.
        rpc_c_authn_dce_public    DCE public key authentication (reserved for future use).

    arg
        This parameter can specify either the local key file or an argument to
        the get_key_fn key acquisition routine of the
        rpc_server_register_auth_info routine.

        A value of NULL specifies that the default key file (/krb/v5srvtab)
        should be used. A key file name specifies that that file should be used
        as the key file; the file's absolute name must be prefixed with FILE:,
        and the file must have been created with the rgy_edit ktadd command or
        the sec_key_mgmt_set_key function.

        Any other value specifies an argument for the get_key_fn key
        acquisition routine. See the rpc_server_register_auth_info( ) reference
        page for more information.

    principal_name
        A pointer to a character string indicating the name of the principal
        whose key is to be deleted.

    key_vno
        The version number of the desired key.
Output
    status
        A pointer to the completion status. On successful completion, the
        routine returns error_status_ok. Otherwise, it returns an error.
Description
    The sec_key_mgmt_delete_key( ) routine deletes the specified key from the
    local key store. If an administrator ever discovers or suspects that the
    security of a server's key has been compromised, the administrator should
    delete the key immediately with sec_key_mgmt_delete_key( ). This routine
    removes the key from the local key storage, which invalidates all extant
    tickets encoded with the key. If the compromised key is the current one, the
    principal should change the key with sec_key_mgmt_change_key( ) before
    deleting it. It is not an error for a process to delete the current key (as
    long as it is done after the network context has been established), but it
    may seriously inconvenience legitimate clients of a service.

    This routine deletes all key types that have the specified key version
    number. A key type identifies the data encryption algorithm being used (for
    example, DES). This routine differs from sec_key_mgmt_delete_key_type( ) in
    that sec_key_mgmt_delete_key_type( ) deletes only the specified key version
    of the specified key type from the local key store.
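As an added illustration of the semantics above (not DCE's own code, and not compiled against dce/keymgmt.h), the following constructed C model of a local key store shows the difference between sec_key_mgmt_delete_key( ) and sec_key_mgmt_delete_key_type( ), the rule that an error leaves the key state unchanged, and the change-then-delete order for a compromised current key. The model_* names, the key type ids, the status codes and the "new version = old version + 1" rule are assumptions of the model.

```c
#include <string.h>
/* Constructed in-memory model of a DCE local key store, one entry per (principal,
 * key version, key type). Not DCE's code: it only reproduces the semantics this
 * page describes; key type ids and status codes below are stand-ins. */
#define MAX_KEYS 16
enum { KT_DES = 1, KT_DES3 = 2 };
enum { STATUS_OK = 0, STATUS_KEY_UNAVAILABLE = 1 };
struct key_entry { const char *principal; unsigned key_vno; int key_type; int in_use; };
static struct key_entry store[MAX_KEYS];
/* key_type 0 matches any key type. */
static int matches(const struct key_entry *e, const char *p, unsigned vno, int type) {
    return e->in_use && strcmp(e->principal, p) == 0 && e->key_vno == vno
        && (type == 0 || e->key_type == type);
}
int model_has_key(const char *principal, unsigned key_vno, int key_type) {
    for (int i = 0; i < MAX_KEYS; i++)
        if (matches(&store[i], principal, key_vno, key_type)) return 1;
    return 0;
}
/* Model of sec_key_mgmt_set_key: add one entry; -1 when the store is full. */
int model_set_key(const char *principal, unsigned key_vno, int key_type) {
    for (int i = 0; i < MAX_KEYS; i++)
        if (!store[i].in_use) {
            store[i] = (struct key_entry){ principal, key_vno, key_type, 1 };
            return STATUS_OK;
        }
    return -1;
}
/* The existence check precedes the delete pass, so an error leaves the store unchanged. */
static int delete_matching(const char *principal, unsigned key_vno, int key_type) {
    if (!model_has_key(principal, key_vno, key_type)) return STATUS_KEY_UNAVAILABLE;
    for (int i = 0; i < MAX_KEYS; i++)
        if (matches(&store[i], principal, key_vno, key_type)) store[i].in_use = 0;
    return STATUS_OK;
}
/* sec_key_mgmt_delete_key: every key type at key_vno is removed. */
int model_delete_key(const char *p, unsigned vno) { return delete_matching(p, vno, 0); }
/* sec_key_mgmt_delete_key_type: only the named key type at key_vno is removed. */
int model_delete_key_type(const char *p, unsigned vno, int t) { return delete_matching(p, vno, t); }
/* The compromise response the page prescribes: replace first (modelled as
 * key_vno + 1 for each key type held), then delete the compromised version. */
unsigned model_rotate_then_delete(const char *principal, unsigned compromised_vno) {
    for (int t = KT_DES; t <= KT_DES3; t++)
        if (model_has_key(principal, compromised_vno, t))
            model_set_key(principal, compromised_vno + 1, t);
    model_delete_key(principal, compromised_vno);
    return compromised_vno + 1;
}
```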
Files
    /usr/include/dce/keymgmt.idl
        The IDL file from which dce/keymgmt.h was derived.
Errors
    The following is a partial list of errors that might be returned. Refer
    to the OSF DCE Problem Determination Guide for complete descriptions of
    all error messages.

    Any error condition will leave the key state unchanged.

    sec_key_mgmt_e_key_unavailable
        The requested key is not present.

    sec_key_mgmt_e_authn_invalid
        The authentication protocol is not valid.

    sec_key_mgmt_e_unauthorized
        The caller is not authorized to perform the operation.

    error_status_ok
        The call was successful.
Related Information
    Functions:
        sec_intro(3sec)
        sec_key_mgmt_delete_key_type(3sec)
        sec_key_mgmt_garbage_collect(3sec)