NSSSUnlockSecrets
This call unlocks the client's SecretStore after an administrative change of the client's eDirectory password has caused the user's SecretStore with enhanced protection secrets to become locked.
#include <nssscl.h>

SS_EXTERN_LIBCALL(int)
NSSSUnlockSecrets
(
   SSS_CONTEXT_T    callerContext,
   SS_OBJECT_DN_T   *targetObject,
   unsigned long    ssFlags,
   SS_PWORD_T       *password,
   SS_EXT_T         *ext
);
These are common return values for this function; see Section 4.0, Return Values for more information.
NSSSUnlockSecrets unlocks the client's SecretStore after an administrative change of the client's eDirectory password. When an administrator changes an eDirectory user's password, the SecretStore service is automatically locked. A call to NSSSReadSecret made before the SecretStore is unlocked fails with NSSS_E_NDS_PWORD_CHANGED. The client should then call NSSSUnlockSecrets and supply the client's old eDirectory password to unlock the SecretStore.
If the service allows master passwords for users and the user set a master password on their SecretStore before it was locked, the user can use the master password to unlock the SecretStore. This helps in cases where the user has forgotten the eDirectory password.
If the password was changed because the user forgot it and there is no master password, the SecretStore is not recoverable. Consequently, the locked SecretStore should be deleted and recreated by the client. eDirectory password changes made by the user do not cause the SecretStore to be locked.
The owner of the SecretStore can use this function call with proper flags to remove the locked secrets or unlock the SecretStore with the previous eDirectory password or master password.