359 lines
10 KiB
HTML
359 lines
10 KiB
HTML
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
||
|
<title>Retrieve Encrypted User Password (QSYRUPWD) API</title>
|
||
|
<!-- Begin Header Records ========================================== -->
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<!-- Sec SCRIPT A converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
|
||
|
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
|
||
|
<!-- Change History: -->
|
||
|
<!-- YYMMDD USERID Change description -->
|
||
|
<!-- Edited by Kersten Jan 02 -->
|
||
|
<!--End Header Records -->
|
||
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
||
|
</head>
|
||
|
<body>
|
||
|
<a name="Top_Of_Page"></a>
|
||
|
<!-- Java sync-link -->
|
||
|
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
|
||
|
</script>
|
||
|
|
||
|
<h2>Retrieve Encrypted User Password (QSYRUPWD) API</h2>
|
||
|
|
||
|
<div class="box" style="width: 80%;">
|
||
|
<br>
|
||
|
Required Parameter Group:<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
<table width="100%">
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">1</td>
|
||
|
<td align="left" valign="top" width="50%">Receiver variable</td>
|
||
|
<td align="left" valign="top" width="20%">Output</td>
|
||
|
<td align="left" valign="top" width="20%">Char(*)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">2</td>
|
||
|
<td align="left" valign="top">Length of receiver variable</td>
|
||
|
<td align="left" valign="top">Input</td>
|
||
|
<td align="left" valign="top">Binary(4)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">3</td>
|
||
|
<td align="left" valign="top">Format</td>
|
||
|
<td align="left" valign="top">Input</td>
|
||
|
<td align="left" valign="top">Char(8)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">4</td>
|
||
|
<td align="left" valign="top">User profile name</td>
|
||
|
<td align="left" valign="top">Input</td>
|
||
|
<td align="left" valign="top">Char(10)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">5</td>
|
||
|
<td align="left" valign="top">Error code</td>
|
||
|
<td align="left" valign="top">I/O</td>
|
||
|
<td align="left" valign="top">Char(*)</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
Default Public Authority: *EXCLUDE<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Threadsafe: No<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
</div>
|
||
|
|
||
|
<p>The Retrieve Encrypted User Password (QSYRUPWD) API returns to the caller
|
||
|
the encrypted password data for the specified user profile. This API works with
|
||
|
the Set Encrypted User Password (QSYSUPWD) API in that the APIs allow the user
|
||
|
to more easily mirror the user profile activity on a second system based on the
|
||
|
activity at the first system.</p>
|
||
|
|
||
|
<p>The data returned by the QSYRUPWD APIs should not be sent to a system that is
|
||
|
at a different
|
||
|
release or at a different password level. If data from this API
|
||
|
is applied to a down-level system or a system with a different password level,
|
||
|
unexpected changes to the user's password data could occur. For example, if the
|
||
|
encrypted password data is retrieved from a system operating at password level
|
||
|
3 and is set on a system operating at password level 0 (or a pre-V5R1 system),
|
||
|
the user profile's password is changed to *NONE. No checks are made to enforce
|
||
|
these recommendations.</p>
|
||
|
|
||
|
<p>If the local password management (LCLPWDMGT) value
|
||
|
for the specified user profile is *NO, then the local i5/OS password will be set to *NONE when the
|
||
|
QSYSUPWD API is called. Also, if the LCLPWDMGT value is *NO for the user profile on the system
|
||
|
where the QSYSUPWD API is called, then the local i5/OS password will be set to *NONE.
|
||
|
</p>
|
||
|
|
||
|
<p>Except for the
|
||
|
iSeries Support for Windows Network Neighborhood (iSeries NetServer) password,
|
||
|
the QSYRUPWD API does not retrieve product-level encrypted data that may be
|
||
|
associated with a user profile.</p>
|
||
|
|
||
|
<p><strong>Note:</strong> If an error occurs while attempting to retrieve the
|
||
|
iSeries NetServer password, the CPF22F0 error will be returned
|
||
|
and no encrypted password data is returned.</p>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Authorities and Locks</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt><em>User Profile Authority</em></dt>
|
||
|
|
||
|
<dd>*ALLOBJ and *SECADM</dd>
|
||
|
|
||
|
<dt><em>API Public Authority</em></dt>
|
||
|
|
||
|
<dd>*EXCLUDE</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Required Parameter Group</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt><strong>Receiver variable</strong></dt>
|
||
|
|
||
|
<dd>OUTPUT; CHAR(*)
|
||
|
|
||
|
<p>The variable used to return the information about the user. The necessary
|
||
|
size of this receiver variable can be obtained by calling the QSYRUPWD API with
|
||
|
the length of receiver variable set to 8 bytes. The bytes available value that
|
||
|
is returned in this receiver variable will indicate the necessary size of the
|
||
|
receiver variable. The receiver variable format is defined in <a href=
|
||
|
"#HDRUPWD100">UPWD0100 Format</a>.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Length of receiver variable</strong></dt>
|
||
|
|
||
|
<dd>INPUT; BINARY(4)
|
||
|
|
||
|
<p>The length of the receiver variable. This value must be at least 8 bytes in
|
||
|
length. To obtain all information necessary to call the QSYSUPWD API, you must
|
||
|
use a receiver variable at least as long as the bytes available value that is
|
||
|
returned by this API.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Format</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(8)
|
||
|
|
||
|
<p>The name of the format that is used to return the user's encrypted
|
||
|
password.</p>
|
||
|
|
||
|
<p>The following value is allowed:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="30 70" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em><a href="#HDRUPWD100">UPWD0100</a></em></td>
|
||
|
<td align="left" valign="top">Encrypted password is returned.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>User profile name</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(10)
|
||
|
|
||
|
<p>The name of the user for whom the encrypted password will be returned.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Error code</strong></dt>
|
||
|
|
||
|
<dd>I/O; CHAR(*)
|
||
|
|
||
|
<p>The structure in which to return error information. For the format of the
|
||
|
structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>.</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Format of Receiver Variable</h3>
|
||
|
|
||
|
<p>The following tables describe the receiver variable that is returned by the
|
||
|
QSYRUPWD API. This receiver variable is used as input to the QSYSUPWD API
|
||
|
(first parameter). The receiver variable cannot be changed in any way prior to
|
||
|
passing the data to the QSYSUPWD API. If this data is changed, the QSYSUPWD API
|
||
|
will not be able to successfully change the password for the user.</p>
|
||
|
|
||
|
<p>For detailed descriptions of the fields in this table, see <a href=
|
||
|
"#HDRSUPWDFD">Field Descriptions</a>.</p>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h4><a name="HDRUPWD100">UPWD0100 Format</a></h4>
|
||
|
|
||
|
<table border width="80%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Dec</th>
|
||
|
<th align="center" valign="bottom">Hex</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">0</td>
|
||
|
<td align="center" valign="top" width="10%">0</td>
|
||
|
<td align="left" valign="top" width="20%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="60%">Bytes returned</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">4</td>
|
||
|
<td align="center" valign="top">4</td>
|
||
|
<td align="left" valign="top">BINARY(4)</td>
|
||
|
<td align="left" valign="top">Bytes available</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">8</td>
|
||
|
<td align="center" valign="top">8</td>
|
||
|
<td align="left" valign="top">CHAR(10)</td>
|
||
|
<td align="left" valign="top">User profile name</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">18</td>
|
||
|
<td align="center" valign="top">12</td>
|
||
|
<td align="left" valign="top">CHAR(*)</td>
|
||
|
<td align="left" valign="top">Encrypted user password data</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3><a name="HDRSUPWDFD">Field Descriptions</a></h3>
|
||
|
|
||
|
<p><strong>Bytes available.</strong> The number of bytes of data available to
|
||
|
be returned to the user. Bytes available may increase from release to release
|
||
|
but will always be a minimum of 2000 bytes. This field should be used to set
|
||
|
the length of receiver variable input parameter. If the bytes available field
|
||
|
is greater than the bytes returned field, the receiver variable cannot
|
||
|
successfully be used as input to the QSYSUPWD API as not all encrypted password
|
||
|
data will be returned by this API.</p>
|
||
|
|
||
|
<p><strong>Bytes returned.</strong> The number of bytes of data returned to the
|
||
|
user in the receiver variable.</p>
|
||
|
|
||
|
<p><strong>Encrypted user password data.</strong> The encrypted password data
|
||
|
for the specified user profile.</p>
|
||
|
|
||
|
<p><strong>User profile name.</strong> The name of the user profile for which
|
||
|
information is being returned.</p>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Error Messages</h3>
|
||
|
|
||
|
<table width="100%" cellpadding="5">
|
||
|
<!-- cols="15 85" -->
|
||
|
<tr>
|
||
|
<th align="left" valign="top">Message ID</th>
|
||
|
<th align="left" valign="top">Error Message Text</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td width="15%" valign="top">CPF2203 E</td>
|
||
|
<td width="85%" valign="top">User profile &1 not correct.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF2225 E</td>
|
||
|
<td align="left" valign="top">Not able to allocate internal system object.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF222E E</td>
|
||
|
<td align="left" valign="top">&1 special authority is required.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF22F0 E</td>
|
||
|
<td align="left" valign="top">Unexpected errors occurred during processing.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF3C19 E</td>
|
||
|
<td align="left" valign="top">Error occurred with receiver variable
|
||
|
specified.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF3C21 E</td>
|
||
|
<td align="left" valign="top">Format name &1 is not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF3C24 E</td>
|
||
|
<td align="left" valign="top">Length of receiver variable is not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF3C90 E</td>
|
||
|
<td align="left" valign="top">Literal value cannot be changed.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF3CF1 E</td>
|
||
|
<td align="left" valign="top">Error code parameter not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF9801 E</td>
|
||
|
<td align="left" valign="top">Object &2 in library &3 not found.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF9872 E</td>
|
||
|
<td align="left" valign="top">Program or service program &1 in library
|
||
|
&2 ended. Reason code &3.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
<hr>
|
||
|
API introduced: V3R7
|
||
|
|
||
|
<hr>
|
||
|
<center>
|
||
|
<table cellpadding="2" cellspacing="2">
|
||
|
<tr align="center">
|
||
|
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
|
||
|
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</center>
|
||
|
</body>
|
||
|
</html>
|
||
|
|