sec_key_mgmt_delete_key

sec_key_mgmt_delete_key_type(3sec)

Deletes a key version of a key type from the local key storage

Synopsis

#include <dce/keymgmt.h>

void sec_key_mgmt_delete_key_type(
sec_key_mgmt_authn_service authn_service,
void *arg,
idl_char *principal_name,
void *keytype,
unsigned32 key_vno,
error_status_t *status);

Parameters

Input

authn_service
Identifies the authentication protocol using this key. The possible authentication protocols are as follows:

rpc_c_authn_dce_secret
DCE shared-secret key authentication.

rpc_c_authn_dce_public
DCE public key authentication (reserved for future use).

arg
This parameter can specify either the local key file or an argument to the get_key_fn key acquisition routine of the rpc_server_register_auth_info routine.

A value of NULL specifies that the default key file (/krb/v5srvtab) should be used. A key file name specifies that file should be used as the key file. You must prepend the file's absolute file name with FILE: and the file must have been created with the rgy_edit ktadd command or the sec_key_mgmt_set_key routine.

Any other value specifies an argument for the get_key_fn key acquisition routine. See the rpc_server_register_auth_info( ) reference page for more information.

principal_name
A pointer to a character string indicating the name of the principal whose key type is to be deleted.

keytype
A pointer to a value of type sec_passwd_type_t. The value identifies the data encryption algorithm that is being used (for example, DES).

key_vno
The version number of the desired key.

Output

status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.

Description
The sec_key_mgmt_delete_key_type( ) routine deletes the specified key version of the specified key type from the local key store. It differs from sec_key_mgmt_delete_key( ) in that sec_key_mgmt_delete_key( ) deletes all key types that have the same key version number.

This routine removes the key from the local key storage, which invalidates all extant tickets encoded with the key. If the key in question is the current one, the principal should change the key with sec_key_mgmt_change_key( ) before deleting it. It is not an error for a process to delete the current key (as long as it is done after the network context has been established), but it may seriously inconvenience legitimate clients of a service.

Files

/usr/include/dce/keymgmt.idl
The idl file from which dce/keymgmt.h was derived.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

Any error condition will leave the key state unchanged.

sec_key_mgmt_e_key_unavailable
The requested key is not present.

sec_key_mgmt_e_authn_invalid
The authentication protocol is not valid.

sec_key_mgmt_e_unauthorized
The caller is not authorized to perform the operation.

error_status_ok
The call was successful.

Related Information
Functions:

sec_intro(3sec)

sec_key_mgmt_delete_key(3sec)

sec_key_mgmt_garbage_collect(3sec)