Next: kadm5_delete_principal
Up: Functions
Previous: kadm5_destroy
Contents
kadm5_ret_t
kadm5_create_principal(void *server_handle,
                       kadm5_principal_ent_t princ, u_int32 mask,
                       char *pw);
AUTHORIZATION REQUIRED: add
- Return KADM5_BAD_MASK if the mask is invalid.
- If the named principal exists, return KADM5_DUP.
- If the POLICY bit is set and the named policy does not exist,
return KADM5_UNK_POLICY.
- If the KADM5_POLICY bit is set in aux_attributes, check whether
the password meets quality standards; return the appropriate
KADM5_PASS_Q_* error code if it fails.
- Store the principal, set the key; see section 4.4.
- If the POLICY bit is set, increment the named policy's reference
count by one.
- Set the pw_expiration field.
  - If the POLICY bit is set in mask, then if pw_max_life is non-zero,
  set pw_expiration to now + pw_max_life, otherwise set pw_max_life to
  never.
  - If the PW_EXPIRATION bit is set in mask, set pw_expiration to
  the requested value, overriding the value set above.
  NOTE: This is a change from the original semantics, in which policy
  expiration was enforced even on administrators. The old semantics are
  not preserved, even for version 1 callers, because this is a
  server-specific policy decision; besides, the new semantics are less
  restrictive, so all previous callers should continue to function
  properly.
- Set mod_date to now and set mod_name to caller.
- Set last_pwd_change to now.
RETURN CODES:
- KADM5_BAD_MASK: The field mask is invalid for a create operation.
- KADM5_DUP: Principal already exists.
- KADM5_UNK_POLICY: Policy named in entry does not exist.
- KADM5_PASS_Q_*: Specified password does not meet policy standards.
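The pw_expiration steps above, modeled as an added example (not code from the kadm5 sources). The EX_ names, the use of 0 for "never", and reading the "otherwise" branch as leaving pw_expiration at never are assumptions; ex_exceeds_policy is a hypothetical audit helper that flags a principal whose stored expiration outlasts what its policy alone would allow, which the less restrictive semantics in the NOTE make possible.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mask bits for this model; the real values come from the kadm5 headers. */
#define EX_POLICY        0x1u
#define EX_PW_EXPIRATION 0x2u
#define EX_NEVER         0L   /* assumption: 0 stands for "never expires" */

/* Resolve pw_expiration in the order the steps give: policy first, then the
 * explicit PW_EXPIRATION value, which overrides it. With neither bit set the
 * page is silent; this model leaves the field at EX_NEVER (assumption). */
long ex_resolve_pw_expiration(uint32_t mask, long now,
                              long pw_max_life, long requested)
{
    long expiration = EX_NEVER;
    if ((mask & EX_POLICY) && pw_max_life != 0)
        expiration = now + pw_max_life;
    if (mask & EX_PW_EXPIRATION)
        expiration = requested;
    return expiration;
}

/* Audit helper: returns 1 when a stored pw_expiration outlasts what the
 * policy alone would have produced at the last password change. */
int ex_exceeds_policy(long last_pwd_change, long pw_max_life, long pw_expiration)
{
    if (pw_max_life == 0)
        return 0;                 /* policy sets no limit */
    if (pw_expiration == EX_NEVER)
        return 1;                 /* never expires despite a limit */
    return pw_expiration > last_pwd_change + pw_max_life;
}

int main(void)
{
    /* Constructed sample: created at t=1000 under a policy with pw_max_life=500. */
    long by_policy = ex_resolve_pw_expiration(EX_POLICY, 1000, 500, 0);
    long by_admin  = ex_resolve_pw_expiration(EX_POLICY | EX_PW_EXPIRATION, 1000, 500, 9000);
    printf("policy only: %ld flagged=%d\n", by_policy, ex_exceeds_policy(1000, 500, by_policy));
    printf("overridden:  %ld flagged=%d\n", by_admin, ex_exceeds_policy(1000, 500, by_admin));
    return 0;
}
```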
Autobuild
2009-09-05