VMS Help  —  DCE  DCE_SECURITY, API Routines, sec_rgy_acct_admin_replace
 NAME
   sec_rgy_acct_admin_replace - Replaces administrative account data

 SYNOPSIS

 #include <dce/acct.h>

 void sec_rgy_acct_admin_replace(
         sec_rgy_handle_t context,
         sec_rgy_login_name_t *login_name,
         sec_rgy_acct_key_t *key_parts,
         sec_rgy_acct_admin_t *admin_part,
         error_status_t *status);

 PARAMETERS

 Input

 context
        An opaque handle bound to a registry server.  Use
        sec_rgy_site_open() to acquire a bound handle.

 login_name
        A pointer to the account login name.  A login name is composed
        of three character strings, containing the principal, group,
        and organization (PGO) names corresponding to the account.
        For the group and organization names, blank strings can serve
        as wildcards, matching any entry. The principal name must be
        input.

 key_parts
        A pointer to the minimum abbreviation allowed when logging in
        to the account. Abbreviations are not currently implemented
        and the only legal value is sec_rgy_acct_key_person.

 admin_part
        A pointer to the sec_rgy_acct_admin_t structure containing the
        administrative part of an account's data. This information
        includes the account creation and expiration dates and flags
        describing limits to the use of privilege attribute
        certificates, among other information, and can be modified
        only by an administrator. The sec_rgy_acct_admin_t structure
        contains the following fields:

        creator
                The identity of the principal who created this account
                in sec_rgy_foreign_id_t form. This field is set by the
                registry server.

        creation_date
                The date (sec_timeval_sec_t) the account was created.
                This field is set by the registry server.

        last_changer
                The identity of the principal who last modified any of
                the account information (user or administrative). This
                field is set by the registry server.

        change_date
                The date (sec_timeval_sec_t) the account was last
                modified (either user or administrative data). This
                field is set by the registry server.

        expiration_date
                The date (sec_timeval_sec_t) the account will cease
                to be valid.

        good_since_date
                This date (sec_timeval_sec_t) is for Kerberos-style,
                ticket-granting ticket revocation. Ticket-granting
                tickets issued before this date will not be honored
                by authenticated network services.

        flags   Contains administration flags used as part of the
                administrator's information for any registry account.
                This field is in sec_rgy_acct_admin_flags_t form.
                (See sec_intro for a complete description of these
                flags.)

        authentication_flags
                Contains flags controlling use of authentication
                services.  This field is in sec_rgy_acct_auth_flags_t
                form. (See sec_intro for a complete description of
                these flags.)

 Output

 status
        A pointer to the completion status.  On successful completion,
        the routine returns error_status_ok.  Otherwise, it returns an
        error.

 DESCRIPTION

 The sec_rgy_acct_admin_replace() routine replaces the administrative
 information in the account record specified by the input login name.
 The administrative information contains limitations on the account's
 use and privileges.  It can be modified only by a registry
 administrator; that is, a user with the admin_info (abbreviated as a)
 privilege for an account.

 The key_parts variable identifies how many of the login_name parts to
 use as the unique abbreviation for the account.  If the requested
 abbreviation duplicates an existing abbreviation for another account,
 the routine supplies the next shortest unique abbreviation and returns
 this abbreviation using key_parts.

 Permissions Required

 The sec_rgy_acct_admin_replace() routine requires the following
 permissions on the account principal:

  +  The m (mgmt_info) permission, if flags or expiration_date is to be
     changed.

  +  The a (auth_info) permission, if authentication_flags or
     good_since_date is to be changed.

 NOTES

 All users need the w (write) privilege in the appropriate ACL entry to
 modify any account information.

 FILES

 SYS$COMMON:[DCE$LIBRARY]ACCT.IDL
              The idl file from which dce/acct.h was derived.

 ERRORS

 sec_rgy_not_authorized
              The client program is not authorized to change the
              administrative information for the specified account.

 sec_rgy_object_not_found
              The registry server could not find the specified name.

 sec_rgy_server_unavailable
              The DCE Registry Server is unavailable.

 error_status_ok
              The call was successful.

 RELATED INFORMATION

   Functions: sec_intro
              sec_rgy_acct_user_replace
              sec_rgy_acct_replace_all
              sec_rgy_acct_lookup
Close Help