
sec_rgy_acct_add(3sec)

Adds an account for a login name

Synopsis

#include <dce/acct.h>

void sec_rgy_acct_add(
    sec_rgy_handle_t context,
    sec_rgy_login_name_t *login_name,
    sec_rgy_acct_key_t *key_parts,
    sec_rgy_acct_user_t *user_part,
    sec_rgy_acct_admin_t *admin_part,
    sec_passwd_rec_t *caller_key,
    sec_passwd_rec_t *new_key,
    sec_passwd_type_t new_keytype,
    sec_passwd_version_t *new_key_version,
    error_status_t *status);

Parameters

Input

context
An opaque handle bound to a registry server. Use sec_rgy_site_open( ) to acquire a bound handle.

login_name
A pointer to the account login name. A login name is composed of three character strings, containing the principal, group, and organization (PGO) names corresponding to the account. All three names must be completely specified.

key_parts
A pointer to the minimum abbreviation allowed when logging in to the account. Abbreviations are not currently implemented and the only legal value is sec_rgy_acct_key_person.

user_part
A pointer to the sec_rgy_acct_user_t structure containing the user part of the account data. This represents such information as the account password, home directory, and default shell.

admin_part
A pointer to the sec_rgy_acct_admin_t structure containing the administrative part of an account's data. This information includes the account creation and expiration dates and flags describing limits to the use of privilege attribute certificates, among other information.

caller_key
The key representing the user's current password, used to encrypt new_key for transmission to the registry server.

new_key
The password for the new account. During transmission to the registry server, it is encrypted with caller_key.

new_keytype
The type of the new key. The server uses this parameter to decide how to encode new_key if it is sent as plaintext.

Output

new_key_version
The key version number returned by the server. If the client requests a particular key version number (via the version_number field of the new_key input parameter), the server returns the requested version number back to the client.

status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.

Description
The sec_rgy_acct_add( ) routine adds an account with the specified login name. The login name is given in three parts, corresponding to the principal, group, and organization names for the account. All input parameters and all fields in those parameters are required.

The key_parts variable specifies the minimum login abbreviation for the account. If the requested abbreviation duplicates an existing abbreviation for another account, the routine supplies the next shortest unique abbreviation and returns this abbreviation in key_parts. Abbreviations are not currently implemented.

Permissions Required

The sec_rgy_acct_add( ) routine requires the following permissions on the account (principal) that is to be added:

· The m (mgmt_info) permission to change management information.

· The a (auth_info) permission to change authentication information.

· The u (user_info) permission to change user information.

Notes
The constituent principal, group, and organization (PGO) items for an account must be added before the account can be created. (See the sec_rgy_pgo_add( ) routine.) Also, the principal must have been added as a member of the specified group and organization. (See the sec_rgy_pgo_add_member( ) routine.)

Files

/usr/include/dce/acct.idl
The IDL file from which dce/acct.h was derived.

Errors

The following is a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

sec_rgy_not_authorized
The client program is not authorized to add an account to the registry.

sec_rgy_not_member_group
The indicated principal is not a member of the indicated group.

sec_rgy_not_member_org
The indicated principal is not a member of the indicated organization.

sec_rgy_not_member_group_org
The indicated principal is not a member of the indicated group or organization.

sec_rgy_object_exists
The account to be added already exists.

sec_rgy_server_unavailable
The DCE Registry Server is unavailable.

error_status_ok
The call was successful.

Related Information
Functions:

sec_intro(3sec)

sec_rgy_acct_delete(3sec)

sec_rgy_login_get_info(3sec)

sec_rgy_pgo_add(3sec)

sec_rgy_pgo_add_member(3sec)

sec_rgy_site_open(3sec)