| 1 | Validate password exit information | Input | Char(*) |
| 2 | Return indicator | Output | Char(1) |
The Validate Password exit program is called when a Change Password (CHGPWD) command or Change Password (QSYCHGPW) API is executed. The exit program is called after the password composition rules have been checked.
The exit program examines the old and new password values for conformance with customer unique password composition rules. The exit program returns an indication whether the new password should be accepted or rejected. The exit point supports multiple exit programs. However, additional exit programs will not be called after receiving a indication that the new password should be rejected from one of the exit programs. (For information about adding an exit program to an exit point, see the Registration Facility part.)
Any escape message received from an exit program or encountered while trying to call an exit program, will be treated as an indication that the new password should be rejected.
The specified exit program must exist in the system auxiliary storage pool (ASP) or one of the basic user ASPs at the time it is added to the registration facility. If the program does not exist, the request to add the exit program will be rejected.
The exit program must exist in the system ASP or one of the basic user ASPs at the time the exit point attempts to locate the exit program. If the specified exit program does not exist in the system ASP or one of the basic user ASPs, the condition will be treated as an indication that the new password should be rejected.
Note: The QPWDVLDPGM system value must be set to the value *REGFAC. If the QPWDVLDPGM system value contains any other value, the validate password exit programs will not be called.
Information needed by the exit program for notification of any profile changes. For details, see Format of Validate Password Exit Information.
Indicates whether the new password should be accepted or rejected.
| '0' | Indicates that the new password should be accepted. |
| '1' | Indicates that the new password should be rejected. |
Note: Any value other than '0' indicates that the new password should be rejected.
The following table shows the structure of the validate password exit information for format VLDP0100. For a description of the fields in this format, see Field Descriptions.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(20) | Exit point name |
| 20 | 14 | CHAR(8) | Exit point format name |
| 28 | 1C | BINARY(4) | Password level |
| 32 | 20 | CHAR(10) | User profile name |
| 42 | 2A | CHAR(2) | Reserved |
| 44 | 2C | BINARY(4) | Offset to old password |
| 48 | 30 | BINARY(4) | Length of old password |
| 52 | 34 | BINARY(4) | CCSID of old password |
| 56 | 38 | BINARY(4) | Offset to new password |
| 60 | 3C | BINARY(4) | Length of new password |
| 64 | 40 | BINARY(4) | CCSID of new password |
| CHAR(*) | Old password | ||
| CHAR(*) | New password | ||
CCSID of new password. The CCSID of the new password field. For a list of valid CCSIDs, see the Globalization topic in the iSeries Information Center.
CCSID of old password. The CCSID of the old password field. For a list of valid CCSIDs, see the Globalization topic in the iSeries Information Center.
Exit point format name. The format name for the Change User Profile exit program. The possible format name is:
| VLDP0100 | The format name that is used before a user password is changed by the CHGPWD command or QSYCHGPW API. |
Exit point name. The name of the exit point that calls the exit program.
Length of new password. The length, in bytes, of the new password field.
When called by the QSYCHGPW API, this is the length supplied to (or defaulted to) the QSYCHGPW API. It may include trailing blank or null characters which are removed by the system before changing the password.
When called by the CHGPWD command, this is the length of the actual password with any trailing blank or null characters removed.
Length of old password. The length, in bytes, of the old password field.
When called by the QSYCHGPW API, this is the length supplied to (or defaulted to) the QSYCHGPW API. It may include trailing blank or null characters which are removed by the system before changing the password.
When called by the CHGPWD command, this is the length of the actual password with any trailing blank or null characters removed.
New password. The new password value.
Offset to new password. The offset from the beginning of the validate password exit information to the new password field.
Offset to old password. The offset from the beginning of the validate password exit information to the old password field.
Old password. The old password value.
Password level. The password level in affect for the system. See the QPWDLVL system value for a description of the possible values.
User profile name. The name of the user profile whose password is being changed.
| Top | Security APIs | APIs by category |