
kadm5_rename_principal

kadm5_ret_t
kadm5_rename_principal(void *server_handle, krb5_principal source,
                            krb5_principal target);

AUTHORIZATION REQUIRED: add and delete

  1. Check to see if the source principal exists; if not, return the KADM5_UNK_PRINC error.
  2. Check to see if the target exists; if so, return the KADM5_DUP error.
  3. Create the new principal named target, then delete the old principal named source. All of target's fields will be the same as source's fields, except that mod_name and mod_date will be updated to reflect the current caller and time.

Note that since the principal name may have been used as the salt for the principal's key, renaming the principal may render the principal's current password useless; with the new salt, the key generated by string-to-key on the password will suddenly be different. Therefore, an application that renames a principal must also require the user to specify a new password for the principal (and administrators should notify the affected party).

Note also that, by the same argument, renaming a principal will invalidate that principal's password history information; since the salt will be different, a user will be able to select a previous password without error.
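The two notes above can be seen in a short model, added here as an illustration and not taken from the kadm5 sources. It assumes the default Kerberos 5 salt (realm followed by the name components) and the PBKDF2-HMAC-SHA1 stage of the RFC 3962 string-to-key; the final DK step is omitted, and the principal names, passwords and plain-set history are constructed for the example.

```python
import hashlib

def default_salt(realm, components):
    """Default Kerberos 5 salt: realm, then name components, no separators."""
    return (realm + "".join(components)).encode("utf-8")

def pbkdf2_stage(password, salt, iterations=4096, keylen=32):
    """PBKDF2-HMAC-SHA1 stage of RFC 3962 string-to-key (DK step omitted)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt, iterations, keylen)

def parse_principal(name):
    """Split 'comp1/comp2@REALM' into (realm, components); no escape handling."""
    local, realm = name.rsplit("@", 1)
    return realm, local.split("/")

def key_for(principal, password):
    """Key material a client derives when it believes its name is `principal`."""
    realm, components = parse_principal(principal)
    return pbkdf2_stage(password, default_salt(realm, components))

def rename_demo(source, target, password, old_passwords):
    """Model a rename: stored key and history are copied unchanged to target."""
    stored_key = key_for(source, password)               # derived under old salt
    history = {key_for(source, p) for p in old_passwords}
    return {
        # Client now salts with the target name, so the copied key no longer matches.
        "current_password_still_valid": key_for(target, password) == stored_key,
        # A history check done with the new salt misses every old password.
        "reused_caught_after_rename":
            [p for p in old_passwords if key_for(target, p) in history],
        "reused_caught_before_rename":
            [p for p in old_passwords if key_for(source, p) in history],
    }

# Constructed sample data, not from the original page.
RESULT = rename_demo("alice@EXAMPLE.COM", "alice.smith@EXAMPLE.COM",
                     "Spring-2009!", ["Winter-2008!", "Autumn-2008!"])

if __name__ == "__main__":
    for field, value in RESULT.items():
        print(f"{field}: {value}")
```
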

RETURN CODES:

KADM5_UNK_PRINC
Source principal does not exist.
KADM5_DUP
Target principal already exists.


Autobuild 2009-09-05