sec_rgy_acct_admin_replace(3sec)
Replaces administrative account data
Synopsis
#include <dce/acct.h> void sec_rgy_acct_admin_replace( sec_rgy_handle_t context,
sec_rgy_login_name_t *login_name, sec_rgy_acct_key_t *key_parts, sec_rgy_acct_admin_t *admin_part,
error_status_t *status);
Parameters
Input
context An opaque handle bound to a registry server. Use sec_rgy_site_open( ) to acquire a bound handle.
login_name A pointer to the account login name. A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding
to the account. For the group and organization names, blank strings can serve as wildcards, matching any entry. The principal name must be input.
key_parts A pointer to the minimum abbreviation allowed when logging in to the account. Abbreviations are not currently implemented and the only legal value is
sec_rgy_acct_key_person.
admin_part A pointer to the sec_rgy_acct_admin_t structure containing the administrative part of an account's data. This information includes the account creation and
expiration dates and flags describing limits to the use of privilege attribute certificates, among other information, and can be modified only by an administrator. The sec_rgy_acct_admin_t
structure contains the following fields:
creator The identity of the principal who created this account in sec_rgy_foreign_id_t form. This field is set by the registry server.
creation_date The date (sec_timeval_sec_t) the account was created. This field is set by the registry server.
last_changer The identity of the principal who last modified any of the account information (user or administrative). This field is set by the registry server.
change_date The date (sec_timeval_sec_t) the account was last modified (either user or administrative data). This field is set by the registry server.
expiration_date The date (sec_timeval_sec_t) the account will cease to be valid.
good_since_date This date (sec_timeval_sec_t) is for Kerberos-style, ticket-granting ticket revocation. Ticket-granting tickets issued before this date will not be
honored by authenticated network services.
flags Contains administration flags used as part of the administrator's information for any registry account. This field is in sec_rgy_acct_admin_flags_t form. (See
sec_intro(3sec) for a complete description of these flags.)
authentication_flags Contains flags controlling use of authentication services. This field is in sec_rgy_acct_auth_flags_t form. (See
sec_intro(3sec) for a complete description of these flags.)
Output
status A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.
Description The sec_rgy_acct_admin_replace( ) routine replaces the administrative information in the account record specified by the input login name. The
administrative information contains limitations on the account's use and privileges. It can be modified only by a registry administrator; that is, a user with the admin_info (abbreviated as
a) privilege for an account.
The key_parts variable identifies how many of the login_name parts to use as the unique abbreviation for the account. If the requested abbreviation duplicates an existing
abbreviation for another account, the routine supplies the next shortest unique abbreviation and returns this abbreviation using key_parts.
Permissions Required The sec_rgy_acct_admin_replace( ) routine requires the following permissions on the account principal:
· The m (mgmt_info) permission, if flags or expiration_date is to be changed.
· The a (auth_info) permission, if authentication_flags or good_since_date is to be changed.
Notes All users need the w (write) privilege in the appropriate ACL entry to modify any account information.
Files
/usr/include/dce/acct.idl The idl file from which dce/acct.h was derived.
Errors
The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
sec_rgy_not_authorized The client program is not authorized to change the administrative information for the specified account.
sec_rgy_object_not_found The registry server could not find the specified name.
sec_rgy_server_unavailable The DCE Registry Server is unavailable.
error_status_ok The call was successful.
Related Information Functions:
sec_intro(3sec)
sec_rgy_acct_user_replace(3sec)
sec_rgy_acct_replace_all(3sec)
sec_rgy_acct_lookup(3sec)
|