sec_key_mgmt_garbage_collect(3sec)
Deletes obsolete keys
Synopsis
#include <dce/keymgmt.h>
void sec_key_mgmt_garbage_collect(
sec_key_mgmt_authn_service authn_service,
void *arg,
idl_char *principal_name,
error_status_t *status);
Parameters
Input
authn_service
Identifies the authentication protocol using this key. The possible authentication protocols are as follows:
| rpc_c_authn_dce_secret | DCE shared-secret key authentication. |
| rpc_c_authn_dce_public | DCE public key authentication (reserved for future use). |
This parameter can specify either the local key file or an argument to the get_key_fn key acquisition routine of the rpc_server_register_auth_info routine.
A value of NULL specifies that the default key file (/krb/v5srvtab) should be used. A key file name specifies that file should be used as the key file. You must prepend the file's absolute file name with FILE: and the file must have been created with the rgy_edit ktadd command or the sec_key_mgmt_set_key routine.
Any other value specifies an argument for the get_key_fn key acquisition routine. See the rpc_server_register_auth_info( ) reference page for more information.
principal_name
A pointer to a character string indicating the name of the principal whose key information is to be garbage collected.
Output
status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.
Description
The sec_key_mgmt_garbage_collect( ) routine discards any obsolete key information for this principal. An obsolete key is one that can only decode invalid
tickets. As an example, consider a key that was in use on Monday, and was only used to encode tickets whose maximum lifetime was 1 day. If that key was changed at 8:00 a.m. Tuesday morning, then
it would become obsolete by 8:00 a.m. Wednesday morning, at which time there could be no valid tickets outstanding.
Files
/usr/include/dce/keymgmt.idl
The idl file from which dce/keymgmt.h was derived.
Errors
The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
sec_key_mgmt_e_authn_invalid
The authentication protocol is not valid.
sec_key_mgmt_e_unauthorized
The caller is not authorized to perform the operation.
sec_key_mgmt_e_key_unavailable
Requested key not present.
sec_rgy_server_unavailable
The DCE Registry Server is unavailable.
sec_rgy_object_not_found
No principal was found with the given name.
sec_login_s_no_memory
A memory allocation error occurred.
error_status_ok
The call was successful.
Related Information
Functions: