HELPLIB.HLB  —  DCE  DCE_SECURITY, API Routines, sec_rgy_acct_replace_all
 NAME
   sec_rgy_acct_replace_all - Replaces all account data for an account

 SYNOPSIS

 #include <dce/acct.h>

 void sec_rgy_acct_replace_all(
         sec_rgy_handle_t context,
         sec_rgy_login_name_t *login_name,
         sec_rgy_acct_key_t *key_parts,
         sec_rgy_acct_user_t *user_part,
         sec_rgy_acct_admin_t *admin_part,
         boolean32 set_password,
         sec_passwd_rec_t *caller_key,
         sec_passwd_rec_t *new_key,
         sec_passwd_type_t new_keytype,
         sec_passwd_version_t *new_key_version,
         error_status_t *status);

 PARAMETERS

 Input

 context
        An opaque handle bound to a registry server.  Use
        sec_rgy_site_open() to acquire a bound handle.

 login_name
        A pointer to the account login name.  A login name is composed
        of three character strings, containing the principal, group,
        and organization (PGO) names corresponding to the account. For
        the group and organization names, blank strings can serve as
        wildcards, matching any entry. The principal name must be input.

 user_part
        A pointer to the sec_rgy_acct_user_t structure containing the
        user part of the account data. This represents such information
        as the account password, home directory, and default shell, all
        of which are accessible to, and may be modified by, the account
        owner.

 admin_part
        A pointer to the sec_rgy_acct_admin_t structure containing the
        administrative part of an account's data. This information
        includes the account creation and expiration dates and flags
        describing limits to the use of privilege attribute
        certificates, among other information, and can be modified only
        by an administrator.

 set_passwd
        The password reset flag.  If you set this parameter to TRUE, the
        account's password will be changed to the value specified in
        new_key.

 caller_key
        A key to use to encrypt the key for transmission to the registry
        server. If communications secure to the
        rpc_c_authn_level_pkt_privacy level are available on a system,
        then this parameter is not necessary, and the packet encryption
        is sufficient to ensure security.

 new_key
        The password for the new account. During transmission to the
        registry server, it is encrypted with caller_key.

 new_keytype
        The type of the new key. The server uses this parameter to
        decide how to encode the plaintext key.

 Input/Output

 key_parts
        A pointer to the minimum abbreviation allowed when logging in
        to the account. Abbreviations are not currently implemented
        and the only legal value is sec_rgy_acct_key_person.

 Output

 new_key_version
        The key version number returned by the server. If the client
        requests a particular key version number (via the version_number
        field of the new_key input parameter), the server returns the
        requested version number back to the client.

 status
        A pointer to the completion status.  On successful completion,
        the routine returns error_status_ok.  Otherwise, it returns an
        error.

 DESCRIPTION

 The sec_rgy_acct_replace_all() routine replaces both the user and
 administrative information in the account record specified by the
 input login name. The administrative information contains limitations
 on the account's use and privileges. The user information contains
 such information as the account home directory and default shell.
 Typically, the administrative information can only be modified by a
 registry administrator (users with admin_info (a) privileges for an
 account), while the user information can be modified by the account
 owner (users with user_info (u) privileges for an account).

 Use the set_passwd parameter to reset the account password. If you set
 this parameter to TRUE, the account's pasword is changed to the value
 specified in new_key.

 The key_parts variable identifies how many of the login_name parts to
 use as the unique abbreviation for the replaced account.  If the
 requested abbreviation duplicates an existing abbreviation for another
 account, the routine identifies the next shortest unique abbreviation
 and returns this abbreviation using key_parts.

 Permissions Required

 The sec_rgy_acct_replace_all() routine requires the following
 permissions on the account principal:

  +  The m (mgmt_info) permission, if flags or expiration_date is to
     be changed.

  +  The a (auth_info) permission, if authentication_flags or
     good_since_date is to be changed.

  +  The u (user_info) permission, if user flags, gecos, homedir (home
     directory), shell, or passwd (password) are to be changed.

 NOTES

 All users need the w (write) privilege to modify any account
 information.

 FILES

 SYS$COMMON:[DCE$LIBRARY]ACCT.IDL
              The idl file from which dce/acct.h was derived.

 ERRORS

 sec_rgy_not_authorized
              The client program is not authorized to change account
              information.

 sec_rgy_object_not_found
              The specified account could not be found.

 sec_rgy_server_unavailable
              The DCE Registry Server is unavailable.

 error_status_ok
                The call was successful.

 RELATED INFORMATION

 Functions: sec_intro
            sec_rgy_acct_add
            sec_rgy_acct_admin_replace
            sec_rgy_acct_rename
            sec_rgy_acct_user_replace
Close Help