<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Check Encrypted User Password (QSYCUPWD) API</title>
<!-- Begin Header Records ========================================= -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Created by Barb Smith for V5R2 -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!--File Edited by Kersten Dec 2001 -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>

<h2>Check Encrypted User Password (QSYCUPWD) API</h2>

<div class="box" style="width: 80%;">
<br>
Required Parameter Group:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">

<tr>
<td align="center" valign="top" width="10%">1</td>
<td align="left" valign="top" width="55%">Encrypted password return code</td>
<td align="left" valign="top" width="15%">Output</td>
<td align="left" valign="top" width="20%">Char(1)</td>
</tr>

<tr>
<td align="center" valign="top">2</td>
<td align="left" valign="top">Receiver variable from QSYRUPWD</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">3</td>
<td align="left" valign="top">Format</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(8)</td>
</tr>

<tr>
<td align="center" valign="top">4</td>
<td align="left" valign="top">Error code</td>
<td align="left" valign="top">I/O</td>
<td align="left" valign="top">Char(*)</td>
</tr>
</table>

<br>
Default Public Authority: *EXCLUDE<br>
<!-- iddvc RMBR -->
<br>
Threadsafe: No<br>
<!-- iddvc RMBR -->
<br>
</div>

<p>The Check Encrypted User Password (QSYCUPWD) API checks to see if the
encrypted password data for the specified user profile on the system on which
this API is run is the same as the encrypted password data for the user on the
system where the Retrieve Encrypted User Password (QSYRUPWD) API was run.</p>

<p>The API does not check the
iSeries Support for Windows Network Neighborhood (iSeries NetServer)
encrypted password information. Only the encrypted
passwords used to sign on from a sign-on display are
checked.</p>

<p>The QSYCUPWD API follows this process:</p>

<ul>
<li>Verifies that the user calling this API is authorized.<br>
<br>
</li>

<li>Verifies that the user profile specified in the receiver variable from
QSYRUPWD parameter exists and is correct.<br>
<br>
</li>
</ul>
<ul>
<li>If the user profile is disabled, the incorrect password count is
incremented and the appropriate value is set in the encrypted password return
code.<br>
<br>
</li>

<li>If the password for the user profile is *NONE or expired, the appropriate
value is set in the encrypted password return code.
If the local password management (LCLPWDMGT) value
for the user profile is *NO, then the password for the user profile will be *NONE.
</li>

</ul>
<ul>

<li>Checks to see if the encrypted passwords can be compared. If the passwords
cannot be compared, the appropriate value is set in the encrypted password
return code.

<p>The release versions and password levels must be compatible between the
system on which this API is run and the system where the QSYRUPWD API was run
to be able to compare the passwords. The passwords can be compared only if the
user profile has a password for password level 0 or 1 on both systems or a
password for password level 2 or 3 on both systems. If a system is at a release
previous to V5R1M0, then the password for the user profile on that system is a
password for password level 0 or 1.</p>

<p>To determine if the user profile has a password for password level 0 or 1 or
for password level 2 or 3, run either the Display Authorized Users (DSPAUTUSR)
command and use the F11 key to see password level information, the Print User
Profile (PRTUSRPRF) command using TYPE(*PWDLVL), or the Display User Profile
(DSPUSRPRF) command using TYPE(*BASIC) to an outfile. These commands must be
run on a V5R1M0 (or later) system.</p>
</li>

<li>Compares the passwords. If the passwords do not match, the incorrect
password count is incremented. The QMAXSIGN system value contains the maximum
number of incorrect attempts to sign on. If the QMAXSGNACN system value is set
to disable the user profile, repeated attempts to check the encrypted password
when there is a mismatch will disable the user profile.</li>
</ul>

<br>

<h3>Authorities and Locks</h3>

<dl>
<dt><em>User Profile Authority</em></dt>

<dd>Caller of this API must have *ALLOBJ and *SECADM special authorities</dd>

<dt><em>API Public Authority</em></dt>

<dd>*EXCLUDE</dd>
</dl>

<br>

<h3>Required Parameter Group</h3>

<dl>
<dt><strong>Encrypted password return code</strong></dt>

<dd>OUTPUT; CHAR(1)

<p>Whether the encrypted password for the user profile on the system on which
this API is run matches the encrypted password for the same user profile that
is specified in the receiver variable from QSYRUPWD parameter. This parameter
contains one of the following:</p>

<table cellpadding="5">
<!-- cols="5 95" -->
<tr>
<td align="left" valign="top"><em>0</em></td>
<td align="left" valign="top">The passwords match.</td>
</tr>

<tr>
<td align="left" valign="top"><em>1</em></td>
<td align="left" valign="top">The user profile on the system on which this API
is run is disabled.</td>
</tr>

<tr>
<td align="left" valign="top"><em>2</em></td>
<td align="left" valign="top">The password for the user on the system on which
this API is run is *NONE.</td>
</tr>

<tr>
<td align="left" valign="top"><em>3</em></td>
<td align="left" valign="top">The password for the user profile on the system
on which this API is run is expired.</td>
</tr>

<tr>
<td align="left" valign="top"><em>4</em></td>
<td align="left" valign="top">The passwords could not be compared.</td>
</tr>

<tr>
<td align="left" valign="top"><em>9</em></td>
<td align="left" valign="top">The passwords do not match.</td>
</tr>
</table>

<br>
</dd>

<dt><strong>Receiver variable from QSYRUPWD</strong></dt>

<dd>INPUT; CHAR(*)

<p>The variable that is used to check the encrypted password for the user. The
receiver variable from the QSYRUPWD API must be used as input to this API. For
this API to successfully check the encrypted password for the user, the bytes
returned value must be equal to the bytes available value in the input data.
The input data must be retrieved from the receiver variable used by the
QSYRUPWD API and cannot be changed in any way.</p>
</dd>

<dt><strong>Format</strong></dt>

<dd>INPUT; CHAR(8)

<p>The name of the format that is used to check the user's encrypted password
data. The following value is allowed:</p>

<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em><a href="#UPWD0100">UPWD0100</a></em></td>
<td align="left" valign="top">Encrypted password will be checked.</td>
</tr>
</table>

<br>
</dd>

<dt><strong>Error code</strong></dt>

<dd>I/O; CHAR(*)

<p>The structure in which to return error information. For the format of the
structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>.</p>
</dd>
</dl>

<br>
<h3><a name="UPWD0100">UPWD0100 Format</a></h3>

<p>The following table describes the input variable that is to be passed as the
second parameter to QSYCUPWD. This input variable must be the same data as the
receiver variable that is returned by the QSYRUPWD API. The receiver variable,
returned by the QSYRUPWD API, cannot be changed in any way prior to passing the
data as input to the QSYCUPWD API. If this data is changed, the QSYCUPWD API
will not be able to successfully check the password for the user. For detailed
descriptions of the fields in the tables, see <a href="#HDRSYSUFD">Field
Descriptions</a>.</p>

<table border width="80%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>

<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>

<tr>
<td align="center" valign="top" width="10%">0</td>
<td align="center" valign="top" width="10%">0</td>
<td align="left" valign="top" width="20%">BINARY(4)</td>
<td align="left" valign="top" width="60%">Bytes returned</td>
</tr>

<tr>
<td align="center" valign="top">4</td>
<td align="center" valign="top">4</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">Bytes available</td>
</tr>

<tr>
<td align="center" valign="top">8</td>
<td align="center" valign="top">8</td>
<td align="left" valign="top">CHAR(10)</td>
<td align="left" valign="top">User profile name</td>
</tr>

<tr>
<td align="center" valign="top">18</td>
<td align="center" valign="top">12</td>
<td align="left" valign="top">CHAR(*)</td>
<td align="left" valign="top">Encrypted user password data</td>
</tr>
</table>

<br>

<h3><a name="HDRSYSUFD">Field Descriptions</a></h3>

<p><strong>Bytes available.</strong> The number of bytes of data available when
retrieved by the QSYRUPWD API. For the QSYCUPWD API to successfully check the
encrypted password for the user, this value must be equal to the bytes returned
value. If the bytes available field is greater than the bytes returned field,
this input cannot be used to successfully check the encrypted password for the
user.</p>

<p><strong>Bytes returned.</strong> The number of bytes of data.</p>

<p><strong>Encrypted user password data.</strong> The encrypted password data
for the user profile.</p>

<p><strong>User profile name.</strong> The name of the user profile for which
the password will be checked.</p>
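
<p>Added example, not part of the IBM documentation: a C pre-flight check for a
saved UPWD0100 buffer and a decoder for the encrypted password return code that
reports which outcomes raise the incorrect password count. The helper names and
the sample buffer are constructed for illustration; the code assumes BINARY(4)
is big-endian, CHAR data is EBCDIC, and bytes returned counts from offset 0.</p>

```c
#include <stddef.h>
#include <stdint.h>

/* UPWD0100 offsets, from the format table on this page. */
enum { OFF_RETURNED = 0, OFF_AVAILABLE = 4, OFF_PROFILE = 8, OFF_PWDDATA = 18 };

typedef enum { UPWD_OK, UPWD_SHORT_BUFFER, UPWD_TRUNCATED,
               UPWD_BAD_LENGTHS, UPWD_BLANK_PROFILE } upwd_status;

/* Constructed sample: profile "TESTUSR" in EBCDIC, placeholder password bytes. */
static const unsigned char SAMPLE_UPWD0100[26] = {
    0, 0, 0, 26,  0, 0, 0, 26,
    0xE3, 0xC5, 0xE2, 0xE3, 0xE4, 0xE2, 0xD9, 0x40, 0x40, 0x40,
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };

/* BINARY(4) fields are read as big-endian 32-bit integers (assumption). */
static int32_t be32(const unsigned char *p) {
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* Hypothetical helper: validate a saved QSYRUPWD receiver variable before use. */
upwd_status upwd0100_check(const unsigned char *buf, size_t len) {
    if (buf == NULL || len < (size_t)OFF_PWDDATA) return UPWD_SHORT_BUFFER;
    int32_t returned = be32(buf + OFF_RETURNED);
    int32_t available = be32(buf + OFF_AVAILABLE);
    if (available > returned) return UPWD_TRUNCATED; /* more data than captured */
    if (returned != available || returned < OFF_PWDDATA) return UPWD_BAD_LENGTHS;
    if ((size_t)returned > len) return UPWD_SHORT_BUFFER; /* bytes lost in storage */
    if (buf[OFF_PROFILE] == 0x40) return UPWD_BLANK_PROFILE; /* EBCDIC blank */
    return UPWD_OK;
}

/* Decode the CHAR(1) return code; accepts an EBCDIC (0xF0-0xF9) or ASCII digit. */
int upwd_rc_digit(unsigned char rc) {
    if (rc >= 0xF0 && rc <= 0xF9) return rc - 0xF0;
    if (rc >= 0x30 && rc <= 0x39) return rc - 0x30;
    return -1;
}

/* 1: incorrect password count was incremented (codes 1 and 9 on this page);
   0: it was not (0, 2, 3, 4); -1: value not listed on this page. */
int upwd_rc_counts_as_failed_attempt(unsigned char rc) {
    switch (upwd_rc_digit(rc)) {
    case 1: case 9: return 1;
    case 0: case 2: case 3: case 4: return 0;
    default: return -1;
    }
}
```

<p>Because return codes 1 and 9 raise the incorrect password count, a job that
keeps re-checking the same stale buffer can disable the profile when QMAXSGNACN
is set to do so.</p>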

<br>

<h3>Error Messages</h3>

<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>

<tr>
<td valign="top" width="15%">CPF2203 E</td>
<td valign="top" width="85%">User profile &amp;1 not correct.</td>
</tr>

<tr>
<td align="left" valign="top">CPF2225 E</td>
<td align="left" valign="top">Not able to allocate internal system object.</td>
</tr>

<tr>
<td align="left" valign="top">CPF222E E</td>
<td align="left" valign="top">&amp;1 special authority is required.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C21 E</td>
<td align="left" valign="top">Format name &amp;1 is not valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3CF1 E</td>
<td align="left" valign="top">Error code parameter not valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF4AB2 E</td>
<td align="left" valign="top">Receiver variable from QSYRUPWD has been
altered.</td>
</tr>

<tr>
<td align="left" valign="top">CPF9801 E</td>
<td align="left" valign="top">Object &amp;2 in library &amp;3 not found.</td>
</tr>

<tr>
<td align="left" valign="top">CPF9872 E</td>
<td align="left" valign="top">Program or service program &amp;1 in library
&amp;2 ended. Reason code &amp;3.</td>
</tr>
</table>

<br>

<hr>
API introduced: V5R2

<hr>
</body>
</html>