1 | Encrypted password return code | Output | Char(1) |
2 | Receiver variable from QSYRUPWD | Input | Char(*) |
3 | Format | Input | Char(8) |
4 | Error code | I/O | Char(*) |
The Check Encrypted User Password (QSYCUPWD) API checks to see if the encrypted password data for the specified user profile on the system on which this API is run is the same as the encrypted password data for the user on the system where the Retrieve Encrypted User Password (QSYRUPWD) API was run.
The API does not check the iSeries Support for Windows Network Neighborhood (iSeries NetServer) encrypted password information. Only the encrypted passwords used to sign on from a sign-on display are checked.
The QSYCUPWD API follows this process:
The release versions and password levels must be compatible between the system on which this API is run and the system where the QSYRUPWD API was run to be able to compare the passwords. The passwords can be compared only if the user profile has a password for password level 0 or 1 on both systems or a password for password level 2 or 3 on both systems. If a system is at a release previous to V5R1M0, then the password for the user profile on that system is a password for password level 0 or 1.
To determine if the user profile has a password for password level 0 or 1 or for password level 2 or 3, run either the Display Authorized Users (DSPAUTUSR) command and use the F11 key to see password level information, the Print User Profile (PRTUSRPRF) command using TYPE(*PWDLVL), or the Display User Profile (DSPUSRPRF) command using TYPE(*BASIC) to an outfile. These commands must be run on a V5R1M0 (or later) system.
Whether the encrypted password for the user profile on the system on which this API is run matches the encrypted password for the same user profile that is specified in the receiver variable from QSYRUPWD parameter. This parameter contains one of the following:
0 | The passwords match. |
1 | The user profile on the system on which this API is run is disabled. |
2 | The password for the user on the system on which this API is run is *NONE. |
3 | The password for the user profile on the system on which this API is run is expired. |
4 | The passwords could not be compared. |
9 | The passwords do not match. |
The variable that is used to check the encrypted password for the user. The receiver variable from the QSYRUPWD API must be used as input to this API. For this API to successfully check the encrypted password for the user, the bytes returned value must be equal to the bytes available value in the input data. The input data must be retrieved from the receiver variable used by the QSYRUPWD API and cannot be changed in any way.
The name of the format that is used to check the user's encrypted password data. The following value is allowed:
UPWD0100 | Encrypted password will be checked. |
The structure in which to return error information. For the format of the structure, see Error Code Parameter.
The following table describes the input variable that is to be passed as the second parameter to QSYCUPWD. This input variable must be the same data as the receiver variable that is returned by the QSYRUPWD API. The receiver variable, returned by the QSYRUPWD API, cannot be changed in any way prior to passing the data as input to the QSYCUPWD API. If this data is changed, the QSYCUPWD API will not be able to successfully check the password for the user. For detailed descriptions of the fields in the tables, see Field Descriptions.
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | BINARY(4) | Bytes returned |
4 | 4 | BINARY(4) | Bytes available |
8 | 8 | CHAR(10) | User profile name |
18 | 12 | CHAR(*) | Encrypted user password data |
Bytes available. The number of bytes of data available when retrieved by the QSYRUPWD API. For the QSYCUPWD API to successfully check the encrypted password for the user, this value must be equal to the bytes returned value. If the bytes available field is greater than the bytes returned field, this input cannot be used to successfully check the encrypted password for the user.
Bytes returned. The number of bytes of data.
Encrypted user password data. The encrypted password data for the user profile.
User profile name. The name of the user profile for which the password will be checked.
Message ID | Error Message Text |
---|---|
CPF2203 E | User profile &1 not correct. |
CPF2225 E | Not able to allocate internal system object. |
CPF222E E | &1 special authority is required. |
CPF3C21 E | Format name &1 is not valid. |
CPF3CF1 E | Error code parameter not valid. |
CPF4AB2 E | Receiver variable from QSYRUPWD has been altered. |
CPF9801 E | Object &2 in library &3 not found. |
CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
Top | Security APIs | APIs by category |