ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/xsyckphr.htm

373 lines
12 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Check Password Exit Program</title>
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Begin Header Records ========================================== -->
<!-- This file has undergone html cleanup June 2002 by JET -->
<!-- Created for V5R4 by Rick Sanders -->
<!-- Change history: -->
<!-- 040109 sanders: New API, XPF 99718 -->
<!--End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="top_Of_Page"></a>
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<h2><img src="delta.gif" alt="Start of change">Check Password Exit Program</h2>
<div class="box" style="width: 70%;">
<br>
&nbsp;&nbsp;Required Parameter:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">
<tr>
<td align="center" valign="top" width="10%">1</td>
<td align="left" valign="top" width="50%">Check password exit
information</td>
<td align="left" valign="top" width="20%">Input</td>
<td align="left" valign="top" width="20%">Char(*)</td>
</tr>
<tr>
<td align="center" valign="top">2</td>
<td align="left" valign="top">Return indicator</td>
<td align="left" valign="top">Output</td>
<td align="left" valign="top">Char(1)</td>
</tr>
</table>
<br>
&nbsp;&nbsp;QSYSINC Member Name: ECHKPWD1<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Exit Point Name: QIBM_QSY_CHK_PASSWRD<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Exit Point Format Name: CHKP0100<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The Check Password exit program is called when a
Create User Profile (CRTUSRPRF) command,
Change User Profile (CHGUSRPRF) command,
Change Password (CHGPWD)
command, or Change Password (QSYCHGPW) API is used to
set or change the password associated with a
user profile. The exit program is
called after the system value based
password composition rules have been successfully checked.</p>
<p><strong>Note:</strong> The Limit Password Character Positions
(QPWDPOSDIF) system value based composition rule is not checked
before calling the exit program
because the old password value is not available through all of
the interfaces that can set or change the password.</p>
<p>The exit program can examine the new password value for conformance
with customer unique password composition rules. The exit program returns an
indication whether the new password conforms to the customer's
password rules. This indication will be used so that the security
audit journal can record whether the
changed password conforms to the password composition rules. However,
the password will be changed regardless of whether the exit program
returns an indication that the password does not conform to the
customer's password rules.</p>
<p>The exit
point supports multiple exit programs. However, additional exit programs will
not be called after receiving an indication that the new password does not
conform from one of the exit programs. (For information about adding an exit
program to an exit point, see the Registration Facility part.)</p>
<p>Any escape message received from an exit program or encountered while trying
to call an exit program, will be treated as an indication that the new password
does not conform to the customer's password rules.</p>
<p>The specified exit program must exist in the system auxiliary storage pool
(ASP) or one of the basic user ASPs at the time it is added to the registration
facility. If the program does not exist, the request to add the exit program
will be rejected.</p>
<p>The exit program must exist in the system ASP or one of the basic user ASPs
at the time the exit point attempts to locate the exit program. If the
specified exit program does not exist in the system ASP or one of the basic
user ASPs, the condition will be treated as an indication that the new password
does not conform to the customer's password rules.</p>
<p>This exit point is very similar to the
QIBM_QSY_VLD_PASSWRD exit point. The key differences between these two
exit points are:</p>
<ul>
<li>This exit point is called after the password has been changed while
the QIBM_QSY_VLD_PASSWRD exit is called before the password is changed.</li>
<li>The returned indicator for this exit program does not effect the
password change while the return indicator from the QIBM_QSY_VLD_PASSWRD
exit does effect whether the password is changed.
</li>
<li>This exit point is called for passwords set by the CRTUSRPRF and
CHGUSRPRF comands while the QIBM_QSY_VLD_PASSWRD is not called for
either of these commands.</li>
<li>All cases where the QIBM_QSY_VLD_PASSWRD exit is called
(and all successful indications were returned) will also call this exit.
However, the reverse is not true.
</li>
</ul>
<br>
<h3>Authorities and Locks</h3>
<dl>
<dt><em>User Profile Authority</em></dt>
<dd>*ALLOBJ and *SECADM to add or remove exit programs to the registration
facility</dd>
</dl>
<br>
<h3>Required Parameter</h3>
<dl>
<dt><strong>Check password exit information</strong></dt>
<dd>INPUT; CHAR(*)
<p>Information needed by the exit program for notification of a password
change. For details, see <a href="#HDRCHKFMT">Format of Check Password Exit
Information</a>.</p>
</dd>
<dt><strong>Return indicator</strong></dt>
<dd>OUTPUT; CHAR(1)
<p>Indicates whether the new password conforms to the customer's
password rules.</p>
<table cellpadding="5">
<!-- cols="5 95" -->
<tr>
<td align="left" valign="top"><em>'0'</em></td>
<td align="left" valign="top">Indicates that the new password conforms
to the customer's password rules.</td>
</tr>
<tr>
<td align="left" valign="top"><em>'1'</em></td>
<td align="left" valign="top">Indicates that the new password does not
conform to the customer's password rules.</td>
</tr>
</table>
<p><strong>Note:</strong> Any value other than '0' indicates that the new
password does not conform to the customer's password rules.</p>
</dd>
</dl>
<br>
<h3><a name="HDRCHKFMT">Format of Check Password Exit Information</a></h3>
<p>The following table shows the structure of the check password exit
information for format CHKP0100. For a description of the fields in this
format, see <a href="#HDRCHKI">Field Descriptions</a>.</p>
<table border width="80%">
<tr>
<th align="center" valign="top" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>
<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>
<tr>
<td align="center" valign="top" width="10%">0</td>
<td align="center" valign="top" width="10%">0</td>
<td align="left" valign="top" width="20%">CHAR(20)</td>
<td align="left" valign="top" width="60%">Exit point name</td>
</tr>
<tr>
<td align="center" valign="top">20</td>
<td align="center" valign="top">14</td>
<td align="left" valign="top">CHAR(8)</td>
<td align="left" valign="top">Exit point format name</td>
</tr>
<tr>
<td align="center" valign="top">28</td>
<td align="center" valign="top">1C</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">Password level</td>
</tr>
<tr>
<td align="center" valign="top">32</td>
<td align="center" valign="top">20</td>
<td align="left" valign="top">CHAR(10)</td>
<td align="left" valign="top">User profile name</td>
</tr>
<tr>
<td align="center" valign="top">42</td>
<td align="center" valign="top">2A</td>
<td align="left" valign="top">CHAR(2)</td>
<td align="left" valign="top">Reserved</td>
</tr>
<tr>
<td align="center" valign="top">44</td>
<td align="center" valign="top">2C</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">Offset to old password</td>
</tr>
<tr>
<td align="center" valign="top">48</td>
<td align="center" valign="top">30</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">Length of old password</td>
</tr>
<tr>
<td align="center" valign="top">52</td>
<td align="center" valign="top">34</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">CCSID of old password</td>
</tr>
<tr>
<td align="center" valign="top">56</td>
<td align="center" valign="top">38</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">Offset to new password</td>
</tr>
<tr>
<td align="center" valign="top">60</td>
<td align="center" valign="top">3C</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">Length of new password</td>
</tr>
<tr>
<td align="center" valign="top">64</td>
<td align="center" valign="top">40</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">CCSID of new password</td>
</tr>
<tr>
<td align="center" valign="top">&nbsp;</td>
<td align="center" valign="top">&nbsp;</td>
<td align="left" valign="top">CHAR(*)</td>
<td align="left" valign="top">Old password</td>
</tr>
<tr>
<td align="center" valign="top">&nbsp;</td>
<td align="center" valign="top">&nbsp;</td>
<td align="left" valign="top">CHAR(*)</td>
<td align="left" valign="top">New password</td>
</tr>
</table>
<br>
<br>
<h3><a name="HDRCHKI">Field Descriptions</a></h3>
<p><strong>CCSID of new password.</strong> The CCSID of the new password field.
The CCSID value will be 13488.</p>
<p><strong>CCSID of old password.</strong> The CCSID of the old password field.
The CCSID value will be 13488.</p>
<p><strong>Exit point format name.</strong> The format name for the Check
Password exit program. The possible format name is:</p>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<td align="left" valign="top"><em>CHKP0100</em></td>
<td align="left" valign="top">The format name that is used after a user
password is changed by the CRTUSRPRF, CHGUSRPRF,
CHGPWD command or QSYCHGPW API.</td>
</tr>
</table>
<p><strong>Exit point name.</strong> The name of the exit point that calls the
exit program.</p>
<p><strong>Length of new password.</strong> The length, in bytes, of the new
password field.</p>
<p><strong>Length of old password.</strong> The length, in bytes, of the old
password field.</p>
<p>The length value will be 12. The old password value is not available
in all cases so a value of '*NOPWD' is used. This allows the format of the
information passed to the QIBM_QSY_CHK_PASSWRD and QIBM_QSY_VLD_PASSWRD
exit programs to be the same.</p>
<p><strong>New password.</strong> The new password value.</p>
<p><strong>Offset to new password.</strong> The offset from the beginning of
the check password exit information to the new password field.</p>
<p><strong>Offset to old password.</strong> The offset from the beginning of
the check password exit information to the old password field.</p>
<p><strong>Old password.</strong> The old password value.</p>
<p>The old password value is not available
in all cases so a value of '*NOPWD' is used. This allows the format of the
information passed to the QIBM_QSY_CHK_PASSWRD and QIBM_QSY_VLD_PASSWRD
exit programs to be the same.</p>
<p><strong>Password level.</strong> The password level in affect for the
system. See the QPWDLVL system value for a description of the possible
values.</p>
<p><strong>User profile name.</strong> The name of the user profile whose
password is being changed.</p>
<img src="deltaend.gif" alt="End of change">
<br>
<hr>
API introduced: V5R4
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"unix.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</center>
</body>
</html>