sec_key_mgmt_manage_key(3sec) — Subroutines
NAME
sec_key_mgmt_manage_key — Automatically changes a principal’s key before it expires
Synopsis
void sec_key_mgmt_manage_key(
sec_key_mgmt_authn_service authn_service,
void ∗arg,
idl_char ∗principal_name,
error_status_t ∗status);
Parameters
Input
authn_service
Identifies the authentication protocol using this key. The possible authentication protocols are as follows:
rpc_c_authn_dce_secret
DCE shared-secret key authentication.
rpc_c_authn_dce_public
DCE public key authentication (reserved for future use).
argThis parameter can specify either the local key file or an argument to the get_key_fn key acquisition routine of the rpc_server_register_auth_info routine.
A value of NULL specifies that the default key file (/krb/v5srvtab) should be used. A key filename specifies that file should be used as the key file. You must prepend the file’s absolute filename with FILE: and the file must have been created with the rgy_edit ktadd command or the sec_key_mgmt_set_key routine.
Any other value specifies an argument for the get_key_fn key acquisition routine. See the rpc_server_register_auth_info() reference page for more information.
principal_name
A pointer to a character string indicating the name of the principal whose key is to be managed.
Output
statusA pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.
Description
The sec_key_mgmt_manage_key() routine changes the specified principal’s key on a regular basis, as determined by the local cell’s policy. It will run indefinitely, never returning during normal operation, and therefore should be invoked only from a thread that has been devoted to managing keys.
This routine queries the DCE registry to determine the password expiration policy that applies to the named principal. It then idles until a short time before the current key is due to expire and then uses the sec_key_mgmt_gen_rand_key() to produce a new random key, updating both the local key store and the DCE registry. This routine also invokes sec_key_mgmt_garbage_collect() as needed.
Files
/usr/include/dce/keymgmt.idl
The idl file from which dce/keymgmt.h was derived.
Errors
The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
sec_key_mgmt_e_key_unavailable
The old key is not present and therefore cannot be used to set a client side authentication context.
sec_key_mgmt_e_key_unsupported
The key type is not supported.
sec_key_mgmt_e_authn_invalid
The authentication protocol is not valid.
sec_key_mgmt_e_unauthorized
The caller is not authorized to perform the operation.
sec_rgy_server_unavailable
The DCE registry server is unavailable.
sec_rgy_object_not_found
No principal was found with the given name.
error_status_ok
The call was successful.
Related Information
Functions: sec_intro(3sec), sec_key_mgmt_gen_rand_key(3sec), sec_key_mgmt_garbage_collect(3sec).