PreviousNext

sec_rgy_auth_plcy_get_effective(3sec)

Returns the effective authentication policy for an account

Synopsis

#include <dce/policy.h>

void sec_rgy_auth_plcy_get_effective(
sec_rgy_handle_t context,
sec_rgy_login_name_t *account,
sec_rgy_plcy_auth_t *auth_policy,
error_status_t *status);

Parameters

Input

context
An opaque handle bound to a registry server. Use sec_rgy_site_open( ) to acquire a bound handle.

account
A pointer to the account login name (type sec_rgy_login_name_t). A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding to the account. If all three fields contain empty strings, the authentication policy returned is that of the registry.

Output

auth_policy
A pointer to the sec_rgy_plcy_auth_t structure to receive the authentication policy. The authentication policy structure contains the maximum lifetime for an authentication ticket, and the maximum amount of time for which one can be renewed.

status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.

Description
The sec_rgy_auth_plcy_get_effective( ) routine returns the effective authentication policy for the specified account. The authentication policy in effect is the more restrictive of the registry and the account policies for each policy category. If no account is specified, the registry's authentication policy is returned.

Permissions Required
The sec_rgy_auth_plcy_get_effective( ) routine requires the r (read) permission on the policy object from which the data is to be returned. If an account is specified and an account policy exists, the routine also requires the r (read) permission on the account principal.

Files

/usr/include/dce/policy.idl
The idl file from which dce/policy.h was derived.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

sec_rgy_object_not_found
The specified account could not be found.

sec_rgy_server_unavailable
The DCE Registry Server is unavailable.

error_status_ok
The call was successful.

Related Information
Functions:

sec_intro(3sec)

sec_rgy_auth_plcy_get_info(3sec)

sec_rgy_auth_plcy_set_info(3sec)