friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/qsycupwd.htm

393 lines
12 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Check Encrypted User Password (QSYCUPWD) API</title>
<!-- Begin Header Records ========================================= -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Created by Barb Smith for V5R2 -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!--File Edited by Kersten Dec 2001 -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<h2>Check Encrypted User Password (QSYCUPWD) API</h2>
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Required Parameter Group:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">
<tr>
<td align="center" valign="top" width="10%">1</td>
<td align="left" valign="top" width="55%">Encrypted password return code</td>
<td align="left" valign="top" width="15%">Output</td>
<td align="left" valign="top" width="20%">Char(1)</td>
</tr>
<tr>
<td align="center" valign="top">2</td>
<td align="left" valign="top">Receiver variable from QSYRUPWD</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>
<tr>
<td align="center" valign="top">3</td>
<td align="left" valign="top">Format</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(8)</td>
</tr>
<tr>
<td align="center" valign="top">4</td>
<td align="left" valign="top">Error code</td>
<td align="left" valign="top">I/O</td>
<td align="left" valign="top">Char(*)</td>
</tr>
</table>
<br>
&nbsp;&nbsp;Default Public Authority: *EXCLUDE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: No<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The Check Encrypted User Password (QSYCUPWD) API checks to see if the
encrypted password data for the specified user profile on the system on which
this API is run is the same as the encrypted password data for the user on the
system where the Retrieve Encrypted User Password (QSYRUPWD) API was run.</p>
<p>The API does not check the
iSeries Support for Windows Network Neighborhood (iSeries NetServer)
encrypted password information. Only the encrypted
passwords used to sign on from a sign-on display are
checked.</p>
<p>The QSYCUPWD API follows this process:</p>
<ul>
<li>Verifies that the user calling this API is authorized.<br>
<br>
</li>
<li>Verifies that the user profile specified in the receiver variable from
QSYRUPWD parameter exists and is correct.<br>
<br>
</ul>
<ul>
<li>If the user profile is disabled, the incorrect password count is
incremented and the appropriate value is set in the encrypted password return
code.<br>
<br>
</li>
<li>If the password for the user profile is *NONE or expired, the appropriate
value is set in the encrypted password return code.
If the local password management (LCLPWDMGT) value
for the user profile is *NO, then the password for the user profile will be *NONE.
</li>
</ul>
<ul>
<li>Checks to see if the encrypted passwords can be compared. If the passwords
cannot be compared, the appropriate value is set in the encrypted password
return code.
<p>The release versions and password levels must be compatible between the
system on which this API is run and the system where the QSYRUPWD API was run
to be able to compare the passwords. The passwords can be compared only if the
user profile has a password for password level 0 or 1 on both systems or a
password for password level 2 or 3 on both systems. If a system is at a release
previous to V5R1M0, then the password for the user profile on that system is a
password for password level 0 or 1.</p>
<p>To determine if the user profile has a password for password level 0 or 1 or
for password level 2 or 3, run either the Display Authorized Users (DSPAUTUSR)
command and use the F11 key to see password level information, the Print User
Profile (PRTUSRPRF) command using TYPE(*PWDLVL), or the Display User Profile
(DSPUSRPRF) command using TYPE(*BASIC) to an outfile. These commands must be
run on a V5R1M0 (or later) system.</p>
</li>
<li>Compares the passwords. If the passwords do not match, the incorrect
password count is incremented. The QMAXSIGN system value contains the maximum
number of incorrect attempts to sign on. If the QMAXSGNACN system value is set
to disable the user profile, repeated attempts to check the encrypted password
when there is a mismatch will disable the user profile.</li>
</ul>
<br>
<h3>Authorities and Locks</h3>
<dl>
<dt><em>User Profile Authority</em></dt>
<dd>Caller of this API must have *ALLOBJ and *SECADM special authorities</dd>
<dt><em>API Public Authority</em></dt>
<dd>*EXCLUDE</dd>
</dl>
<br>
<h3>Required Parameter Group</h3>
<dl>
<dt><strong>Encrypted password return code</strong></dt>
<dd>OUTPUT; CHAR(1)
<p>Whether the encrypted password for the user profile on the system on which
this API is run matches the encrypted password for the same user profile that
is specified in the receiver variable from QSYRUPWD parameter. This parameter
contains one of the following:</p>
<table cellpadding="5">
<!-- cols="5 95" -->
<tr>
<td align="left" valign="top"><em>0</em></td>
<td align="left" valign="top">The passwords match.</td>
</tr>
<tr>
<td align="left" valign="top"><em>1</em></td>
<td align="left" valign="top">The user profile on the system on which this API
is run is disabled.</td>
</tr>
<tr>
<td align="left" valign="top"><em>2</em></td>
<td align="left" valign="top">The password for the user on the system on which
this API is run is *NONE.</td>
</tr>
<tr>
<td align="left" valign="top"><em>3</em></td>
<td align="left" valign="top">The password for the user profile on the system
on which this API is run is expired.</td>
</tr>
<tr>
<td align="left" valign="top"><em>4</em></td>
<td align="left" valign="top">The passwords could not be compared.</td>
</tr>
<tr>
<td align="left" valign="top"><em>9</em></td>
<td align="left" valign="top">The passwords do not match.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Receiver variable from QSYRUPWD</strong></dt>
<dd>INPUT; CHAR(*)
<p>The variable that is used to check the encrypted password for the user. The
receiver variable from the QSYRUPWD API must be used as input to this API. For
this API to successfully check the encrypted password for the user, the bytes
returned value must be equal to the bytes available value in the input data.
The input data must be retrieved from the receiver variable used by the
QSYRUPWD API and cannot be changed in any way.</p>
</dd>
<dt><strong>Format</strong></dt>
<dd>INPUT; CHAR(8)
<p>The name of the format that is used to check the user's encrypted password
data. The following value is allowed:</p>
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em><a href="#UPWD0100">UPWD0100</a></em></td>
<td align="left" valign="top">Encrypted password will be checked.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Error code</strong></dt>
<dd>I/O; CHAR(*)
<p>The structure in which to return error information. For the format of the
structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>.</p>
</dd>
</dl>
<br>
<h3><a name="UPWD0100">UPWD0100 Format</a></h3>
<p>The following table describes the input variable that is to be passed as the
second parameter to QSYCUPWD. This input variable must be the same data as the
receiver variable that is returned by the QSYRUPWD API. The receiver variable,
returned by the QSYRUPWD API, cannot be changed in any way prior to passing the
data as input to the QSYCUPWD API. If this data is changed, the QSYCUPWD API
will not be able to successfully check the password for the user. For detailed
descriptions of the fields in the tables, see <a href="#HDRSYSUFD">Field
Descriptions</a>.</p>
<table border width="80%">
<tr>
<th align="center" valign="bottom" colspan="2">Offset</th>
<th align="left" valign="bottom" rowspan="2">Type</th>
<th align="left" valign="bottom" rowspan="2">Field</th>
</tr>
<tr>
<th align="center" valign="bottom">Dec</th>
<th align="center" valign="bottom">Hex</th>
</tr>
<tr>
<td align="center" valign="top" width="10%">0</td>
<td align="center" valign="top" width="10%">0</td>
<td align="left" valign="top" width="20%">BINARY(4)</td>
<td align="left" valign="top" width="60%">Bytes returned</td>
</tr>
<tr>
<td align="center" valign="top">4</td>
<td align="center" valign="top">4</td>
<td align="left" valign="top">BINARY(4)</td>
<td align="left" valign="top">Bytes available</td>
</tr>
<tr>
<td align="center" valign="top">8</td>
<td align="center" valign="top">8</td>
<td align="left" valign="top">CHAR(10)</td>
<td align="left" valign="top">User profile name</td>
</tr>
<tr>
<td align="center" valign="top">18</td>
<td align="center" valign="top">12</td>
<td align="left" valign="top">CHAR(*)</td>
<td align="left" valign="top">Encrypted user password data</td>
</tr>
</table>
<br>
<h3><a name="HDRSYSUFD">Field Descriptions</a></h3>
<p><strong>Bytes available.</strong> The number of bytes of data available when
retrieved by the QSYRUPWD API. For the QSYCUPWD API to successfully check the
encrypted password for the user, this value must be equal to the bytes returned
value. If the bytes available field is greater than the bytes returned field,
this input cannot be used to successfully check the encrypted password for the
user.</p>
<p><strong>Bytes returned.</strong> The number of bytes of data.</p>
<p><strong>Encrypted user password data.</strong> The encrypted password data
for the user profile.</p>
<p><strong>User profile name.</strong> The name of the user profile for which
the password will be checked.</p>
<br>
<h3>Error Messages</h3>
<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td valign="top" width="15%">CPF2203 E</td>
<td valign="top" width="85%">User profile &amp;1 not correct.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2225 E</td>
<td align="left" valign="top">Not able to allocate internal system object.</td>
</tr>
<tr>
<td align="left" valign="top">CPF222E E</td>
<td align="left" valign="top">&amp;1 special authority is required.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3C21 E</td>
<td align="left" valign="top">Format name &amp;1 is not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3CF1 E</td>
<td align="left" valign="top">Error code parameter not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF4AB2 E</td>
<td align="left" valign="top">Receiver variable from QSYRUPWD has been
altered.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9801 E</td>
<td align="left" valign="top">Object &amp;2 in library &amp;3 not found.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9872 E</td>
<td align="left" valign="top">Program or service program &amp;1 in library
&amp;2 ended. Reason code &amp;3.</td>
</tr>
</table>
<br>
<hr>
API introduced: V5R2
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</center>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink