sec_rgy_acct_replace_all(3sec)

Synopsis

#include <dce/acct.h>

void sec_rgy_acct_replace_all(
sec_rgy_handle_t context,
sec_rgy_login_name_t *login_name,
sec_rgy_acct_key_t *key_parts,
sec_rgy_acct_user_t *user_part,
sec_rgy_acct_admin_t *admin_part,
boolean32 set_password,
sec_passwd_rec_t *caller_key,
sec_passwd_rec_t *new_key,
sec_passwd_type_t new_keytype,
sec_passwd_version_t *new_key_version,
error_status_t *status);

Parameters

Input

context
An opaque handle bound to a registry server. Use sec_rgy_site_open( ) to acquire a bound handle.

login_name
A pointer to the account login name. A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding to the account. For the group and organization names, blank strings can serve as wildcards, matching any entry. The principal name must be input.

user_part
A pointer to the sec_rgy_acct_user_t structure containing the user part of the account data. This represents information can be modified only by the account owner or other authorized user.

admin_part
A pointer to the sec_rgy_acct_admin_t structure containing the administrative part of an account's data. This information includes the account creation and expiration dates and flags describing limits to the use of privilege attribute certificates, among other information, and can be modified only by an administrator.

set_passwd
The password reset flag. If you set this parameter to TRUE, the account's password will be changed to the value specified in new_key.

caller_key
A key to use to encrypt the key for transmission to the registry server. If communications secure to the rpc_c_authn_level_pkt_privacy level are available on a system, then this parameter is not necessary, and the packet encryption is sufficient to ensure security.

new_key
The password for the new account. During transmission to the registry server, it is encrypted with caller_key.

new_keytype
The type of the new key. The server uses this parameter to decide how to encode the plaintext key.

Input/Output

key_parts
A pointer to the minimum abbreviation allowed when logging in to the account. Abbreviations are not currently implemented and the only legal value is sec_rgy_acct_key_person.

Output

new_key_version
The key version number returned by the server. If the client requests a particular key version number (via the version_number field of the new_key input parameter), the server returns the requested version number back to the client.

status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.

Description
The sec_rgy_acct_replace_all( ) routine replaces both the user and administrative information in the account record specified by the input login name. The administrative information contains limitations on the account's use and privileges. The user information contains information such as the account home directory and default shell. The administrative information can only be modified by a registry administrator or another authorized user (users with admin_info (a) and mgnt_info (m) privileges for an account). The user information can be modified by the account owner or another authorized user (users with user_info (u) privileges for an account).

Use the set_passwd parameter to reset the account password. If you set this parameter to TRUE, the account's password is changed to the value specified in new_key.

The key_parts variable identifies how many of the login_name parts to use as the unique abbreviation for the replaced account. If the requested abbreviation duplicates an existing abbreviation for another account, the routine identifies the next shortest unique abbreviation and returns this abbreviation using key_parts.

Permissions Required
The sec_rgy_acct_replace_all( ) routine requires the following permissions on the account principal:

· The m (mgmt_info) permission, if flags or expiration_date is to be changed.

· The a (auth_info) permission, if authentication_flags or good_since_date is to be changed.

· The u (user_info) permission, if user flags, gecos, homedir (home directory), shell, or passwd (password) are to be changed.

Notes
All users need the w (write) privilege to modify any account information.

Files

/usr/include/dce/acct.idl
The idl file from which dce/acct.h was derived.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

sec_rgy_not_authorized
The client program is not authorized to change account information.

sec_rgy_object_not_found
The specified account could not be found.

sec_rgy_server_unavailable
The DCE Registry Server is unavailable.

error_status_ok
The call was successful.

Related Information
Functions:

sec_intro(3sec)

sec_rgy_acct_add(3sec)

sec_rgy_acct_admin_replace(3sec)

sec_rgy_acct_rename(3sec)

sec_rgy_acct_user_replace(3sec)