<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Generate Profile Token (QsyGenPrfTkn) API</title>
<!-- Begin Header Records ========================================== -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- QSYGENPT SCR450 A converted by B2H R4.1 (346) (CMS) by V2DCIJB -->
<!-- at RCHVMW2 on 2 Oct 1999 at 10:00:48 -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- File created for V5R3 by Therese Dalton -->
<!-- 021015 JETAYLOR html and formatting cleanup -->
<!--End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
</script>
<h2>Generate Profile Token (QsyGenPrfTkn) API</h2>
<p><img src="delta.gif" alt="Start of change"></p>
<div class="box" style="width: 70%;">
<br>
&nbsp;&nbsp;Syntax for QsyGenPrfTkn:<br>
<pre>
#include &lt;qsyptkn.h&gt;
void QsyGenPrfTkn
(unsigned char *<em>Profile_token</em>,
char *<em>User_profile_name</em>,
char *<em>User_password</em>,
int *<em>Time_out_interval</em>,
char *<em>Profile_token_type</em>,
void *<em>Error_code</em>);
</pre>
&nbsp;&nbsp;Service Program: QSYPTKN<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p><img src="deltaend.gif" alt="End of change"></p>
<p>The Generate Profile Token (QsyGenPrfTkn) API
verifies that the caller has authority to generate a profile token for the
requested profile and then generates a profile token. This profile token
can be passed to one or more additional processes which can then use it to
perform tasks on behalf of the authenticated user.</p>
<p>This API requires a special value to be specified for the user password
parameter. If you
need to validate a user password, see the Generate Profile Token Extended
(QsyGenPrfTknE) API.</p>
<p>The Generate Profile Token API follows this process:</p>
<ul>
<li>Verifies that the user ID and password value are correct. Incorrect password
values and special cases are handled as follows:
<br>
<br>
<ul>
<li>*NOPWD is not allowed if the user profile name is the name of the
currently running user profile.<br>
<br>
</li>
<li>To obtain a profile token for a profile that does not have a password,
specify *NOPWD, *NOPWDCHK or *NOPWDSTS for the password parameter.
<p>
You cannot obtain
a profile token for the following system-supplied user profiles:
</p>
<pre>
QAUTPROF    QDLFM       QMSF        QSNADS      QTSTRQS
QCLUMGT     QDOC        QNETSPLF    QSPL
QCOLSRV     QDSNX       QNFSANON    QSPLJOB
QDBSHR      QFNC        QNTP        QSRVAGT
QDBSHRDO    QGATE       QPEX        QSYS
QDFTOWN     QLPAUTO     QPM400      QTCP
QDIRSRV     QLPINSTALL  QRJE        QTFTP
</pre>
</li>
<li>
To obtain a profile token for a profile that is disabled,
specify *NOPWDCHK for the password parameter.
<br>
<br>
</li>
<li>
To obtain a profile token when the password is expired,
specify *NOPWDCHK or *NOPWDSTS for the password parameter.
<br>
<br>
</li>
</ul>
</li>
<li>Generates the profile token designating the
user's authorities.
<p>The maximum number of profile tokens that can be generated is
approximately 2,000,000 per system; after that, the space to store them is full.
Message CPF4AAA is sent to the application, and no more profile tokens can
be generated until one is removed.<br>
<br>
</li>
<li>Updates the last-used date for the user and its group profiles.<br>
<br>
</li>
<li>Resets the count of signon attempts that were not valid to zero when a
profile token is successfully generated for a user.<br>
<br>
</li>
<li>If security-related events are being audited, adds an entry to the
QAUDJRN audit journal to indicate that a profile token is created.<br>
<br>
</li>
</ul>
<br>
<h3>Authorities and Locks</h3>
<dl>
<dt><em>API Public Authority</em></dt>
<dd>*USE</dd>
<dt><em>User profile authority</em></dt>
<dd>*USE</dd>
<dt><em>User Profile Lock</em></dt>
<dd>*LSRD</dd>
</dl>
<br>
<h3>Required Parameter Group</h3>
<dl>
<dt><strong>Profile token</strong></dt>
<dd>OUTPUT; CHAR(32)
<p>The profile token that is generated.</p>
<br>
</dd>
<dt><strong>User profile name</strong></dt>
<dd>INPUT; CHAR(10)
<p>The name of the user for which to generate the profile token.
</p>
<br>
</dd>
<dt><strong>User password</strong></dt>
<dd>INPUT; CHAR(10)
<p>The password value used to generate the profile token.</p>
<p>
Only special values are allowed for this parameter.
A special value must be a 10-character,
blank-padded value in CCSID 37.
</p>
<p>One of the following special values must be specified:</p>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<td align="left" valign="top"><em>*NOPWD</em></td>
<td align="left" valign="top">
The user requesting the profile token must have *USE authority to the user profile.
<p>
A profile token does not get created for a disabled user profile.
</p>
<p>
A profile token does not get created for a user profile with an expired password.
</p>
<p>This value
is not allowed if the name of the currently running profile is specified
for the user profile name parameter.</p></td>
</tr>
<tr>
<td align="left" valign="top"><em>*NOPWDCHK</em></td>
<td align="left" valign="top">The user requesting the profile
token must have *USE authority to the user profile.
<p>
If the profile is disabled,
the user requesting the profile
token must have *ALLOBJ and
*SECADM special authorities
to get a token.
</p>
<p>
If the password is expired,
the user requesting the profile
token must have *ALLOBJ and
*SECADM special authorities
to get a token.
</p>
</td>
</tr>
<tr>
<td align="left" valign="top"><em>
*NOPWDSTS
</em></td>
<td align="left" valign="top">
The user requesting the profile token must have *USE authority to the user profile.
<p>
A profile token does not get created for a disabled user profile.
</p>
<p>
If the password is expired,
the user requesting the profile
token must have *ALLOBJ and
*SECADM special authorities
to get a token.
</p>
</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Time out interval</strong></dt>
<dd>INPUT; BINARY(4)
<p>The time before the profile token times out.</p>
<p>You can specify one of the following values:</p>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<td align="left" valign="top"><em>-1</em></td>
<td align="left" valign="top">Use system default value (3600 seconds)</td>
</tr>
<tr>
<td align="left" valign="top" nowrap><em>1-3600</em></td>
<td align="left" valign="top">Time out value in seconds.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Profile token type</strong></dt>
<dd>INPUT; CHAR(1)
<p>The type of the profile token to be generated.</p>
<p>You can specify one of the following values:</p>
<table cellpadding="5">
<!-- cols="5 95" -->
<tr>
<td align="left" valign="top"><em>1</em></td>
<td align="left" valign="top">Single-use profile token. A single-use
profile token can be used only on the Set To Profile Token (QSYSETPT;
QsySetToProfileToken) API once and cannot be used to generate new profile
tokens.</td>
</tr>
<tr>
<td align="left" valign="top"><em>2</em></td>
<td align="left" valign="top">Multiple-use profile token. A multiple-use profile token
can be used on the Set To Profile Token (QSYSETPT; QsySetToPrfTkn) API an
unlimited number of times, but cannot be used to generate new profile
tokens.</td>
</tr>
<tr>
<td align="left" valign="top"><em>3</em></td>
<td align="left" valign="top">Multiple-use, regenerable profile token. A multiple-use,
regenerable profile token can be used on the Set To Profile Token
(QSYSETPT; QsySetToPrfTkn) API an unlimited number of times and can be
used to generate a new single-use, multiple-use, or multiple-use,
regenerable profile token.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Error code</strong></dt>
<dd>I/O; CHAR(*)
<p>The structure in which to return error information. For the format of
the structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code
Parameter</a>.</p>
</dd>
</dl>
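<p>The input rules above, as an added C example that is not IBM's code: it builds the User password value as 10 blank-padded CCSID 37 bytes (so the buffer is also correct when prepared on an ASCII host) and range-checks the time out interval and token type. All function names are hypothetical and are not part of qsyptkn.h.</p>

```c
#include <stdio.h>
#include <string.h>

/* Added example; helper names are hypothetical, not part of qsyptkn.h.
   CCSID 37 code points for the characters the special values use. */
static int to_ccsid37(char c, unsigned char *out)
{
    if (c == '*') { *out = 0x5C; return 0; }
    if (c == ' ') { *out = 0x40; return 0; }
    if (c >= 'A' && c <= 'I') { *out = (unsigned char)(0xC1 + (c - 'A')); return 0; }
    if (c >= 'J' && c <= 'R') { *out = (unsigned char)(0xD1 + (c - 'J')); return 0; }
    if (c >= 'S' && c <= 'Z') { *out = (unsigned char)(0xE2 + (c - 'S')); return 0; }
    return -1;
}

/* Fill pwd[10], blank padded; -1 if not one of the three special values. */
int build_password_value(const char *special, unsigned char pwd[10])
{
    static const char *const allowed[] = { "*NOPWD", "*NOPWDCHK", "*NOPWDSTS" };
    size_t i, len = strlen(special);
    int ok = 0;
    for (i = 0; i < 3; i++)
        if (strcmp(special, allowed[i]) == 0) ok = 1;
    if (!ok) return -1;
    for (i = 0; i < 10; i++)
        if (to_ccsid37(i < len ? special[i] : ' ', &pwd[i]) != 0) return -1;
    return 0;
}

/* Time out interval: -1 (system default) or 1-3600 seconds. */
int timeout_is_valid(int seconds)
{
    return seconds == -1 || (seconds >= 1 && seconds <= 3600);
}

/* Profile token type: '1', '2' or '3'. */
int token_type_is_valid(char type)
{
    return type == '1' || type == '2' || type == '3';
}

int main(void)
{
    unsigned char pwd[10];
    if (build_password_value("*NOPWDCHK", pwd) != 0) return 1;
    for (size_t i = 0; i < 10; i++) printf("%02X ", pwd[i]);
    printf("\n");
    return 0;
}
```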
<br>
<h3>Error Messages</h3>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td align="left" valign="top">CPF22E3 E</td>
<td align="left" valign="top">User profile &amp;1 is disabled.</td>
</tr>
<tr>
<td align="left" valign="top">CPF22E4 E</td>
<td align="left" valign="top">Password for user profile &amp;1 has expired.</td>
</tr>
<tr>
<td align="left" valign="top">CPF22E9 E</td>
<td align="left" valign="top">*USE authority to user profile &amp;1 required.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2204 E</td>
<td align="left" valign="top">User profile &amp;1 not found.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2213 E</td>
<td align="left" valign="top">Not able to allocate user profile &amp;1.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2225 E</td>
<td align="left" valign="top">Not able to allocate internal system object.</td>
</tr>
<tr>
<td align="left" valign="top">CPF227F E</td>
<td align="left" valign="top">*NOPWD not allowed for current user.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3CF1 E</td>
<td align="left" valign="top">Error code parameter not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3C3C E</td>
<td align="left" valign="top">Value for parameter &amp;1 not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3C90 E</td>
<td align="left" valign="top">Literal value cannot be changed.</td>
</tr>
<tr>
<td align="left" valign="top">CPF4AAA E</td>
<td align="left" valign="top">Maximum number of profile tokens have been
generated.</td>
</tr>
<tr>
<td align="left" valign="top">CPF4AAB E</td>
<td align="left" valign="top">Time out value not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF4AAD E</td>
<td align="left" valign="top">Profile token type not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF4AB8 E</td>
<td align="left" valign="top">Insufficient authority for user profile &amp;1.
</td>
</tr>
<tr>
<td align="left" valign="top">CPF9872 E</td>
<td align="left" valign="top">Program or service program &amp;1 in library &amp;2
ended. Reason code &amp;3.</td>
</tr>
</table>
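<p>The special-value rules from the User password parameter, written out as an added decision function for reviewing which callers can obtain a token for a disabled or expired profile. This is a model, not IBM's code: the field names, outcome names and the order of the checks are assumptions, and the message IDs in the comments are the entries in the table above whose text states the same condition.</p>

```c
#include <string.h>

/* Added model of the checks described on this page; not IBM code.
   Field names, outcome names and the order of checks are assumptions. */
enum outcome {
    TOKEN_CREATED,
    VALUE_NOT_VALID,         /* not one of the three special values */
    NOPWD_FOR_CURRENT_USER,  /* message text of CPF227F */
    NEED_USE_AUTHORITY,      /* message text of CPF22E9 */
    PROFILE_DISABLED,        /* message text of CPF22E3 */
    PASSWORD_EXPIRED,        /* message text of CPF22E4 */
    NEED_ALLOBJ_AND_SECADM   /* caller lacks the special authorities */
};

struct request {
    const char *special;          /* User password parameter value */
    int target_is_caller;         /* target is the currently running profile */
    int caller_has_use;           /* *USE authority to the target profile */
    int caller_has_allobj_secadm; /* both *ALLOBJ and *SECADM */
    int target_disabled;
    int target_pwd_expired;
};

enum outcome evaluate(const struct request *r)
{
    int nopwd = strcmp(r->special, "*NOPWD") == 0;
    int chk   = strcmp(r->special, "*NOPWDCHK") == 0;
    int sts   = strcmp(r->special, "*NOPWDSTS") == 0;

    if (!nopwd && !chk && !sts)       return VALUE_NOT_VALID;
    if (nopwd && r->target_is_caller) return NOPWD_FOR_CURRENT_USER;
    if (!r->caller_has_use)           return NEED_USE_AUTHORITY;

    /* Disabled profile: only *NOPWDCHK can proceed, and only for a
       caller holding *ALLOBJ and *SECADM. */
    if (r->target_disabled) {
        if (!chk)                         return PROFILE_DISABLED;
        if (!r->caller_has_allobj_secadm) return NEED_ALLOBJ_AND_SECADM;
    }
    /* Expired password: *NOPWD never proceeds; the other two values
       need the same special authorities. */
    if (r->target_pwd_expired) {
        if (nopwd)                        return PASSWORD_EXPIRED;
        if (!r->caller_has_allobj_secadm) return NEED_ALLOBJ_AND_SECADM;
    }
    return TOKEN_CREATED;
}
```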
<br>
<br>
<hr>
API introduced: V4R5
<hr>
</body>
</html>