Perform many of the security functions through a program interface. You can
use APIs instead of CL commands.
Combine many individual jobs into a single server or overhead job without
compromising system security.
These APIs can be used to consolidate server jobs to reduce processing time
and storage use because the system performs job management tasks for only one
job. They also speed response time for system users.
For general information about system security, see the
topic collections in the information center Security category.
The security-related APIs are:
Add Verifier (QYDOADDV, QydoAddVerifier) adds a certificate to the local system's *SIGNATUREVERIFICATION certificate store that the local system can use later to verify the integrity of objects on the system.
Change Previous Sign-On Date (QSYCHGPR) changes the previous sign-on date and time to the current date and time for the current user of the job.
Change Service Tools User ID (QSYCHGDS) changes the ID name or the password (or both) for service tools user IDs.
Check Encrypted User Password (QSYCUPWD) checks to see if the encrypted password data for the specified user profile on the system on which this API is run is the same as the encrypted password data for the user on the system where the Retrieve Encrypted User Password (QSYRUPWD) API was run.
Check Profile Token User (QSYCHKTU, QsyChkPrfTknUser) verifies that the user profile associated with the token is the same as the current user profile in the thread.
Check System (QYDOCHKS, QydoCheckSystem) checks key operating system object's signatures.
Clear Job User Identity (QwtClearJuid()) clears any job user identity that was previously set by the QwtSetJuid() function or by the Set Job User Identity (QWTSJUID) API.
Control Intrusion Detection and Prevention (QTOQIDSC, QtoqIDSControl) activates, deactivates, recycles (deactivate and reactivate) the Intrusion Detection System (IDS) and retrieves the status (active or inactive) of the IDS.
Generate Profile Token (QSYGENPT) verifies that the caller has authority to generate a profile token for the requested profile and then generates a profile token.
Generate Profile Token (QsyGenPrfTkn) verifies that the caller has authority to generate a profile token for the requested profile and then generates a profile token.
Generate Profile Token Extended (QsyGenPrfTknE) verifies that the caller has authority to generate a profile token for the requested profile and then generates a profile token.
Get Profile Handle (QSYGETPH) validates a user ID and password, and creates an encrypted abbreviation called a profile handle for that user profile.
Get Profile Handle (QsyGetProfileHandle) validates user IDs and passwords and creates a profile handle, for use in jobs that run under more than one user profile.
Get Profile Handle No Password (QsyGetProfileHandleNoPwd) validates user IDs and creates a profile handle, for use in jobs that run under more than one user profile.
Get Profile Token Time Out (QSYGETPT, QsyGetPrfTknTimeOut) gets the number of seconds until a profile token is not valid.
Release Profile Handle (QSYRLSPH, QsyReleaseProfileHandle) validates a given profile handle and then releases it.
Remove All Profile Tokens (QsyRemoveAllPrfTkns) provides an interface to remove all profiles on the system.
Remove All Profile Tokens For User (QsyRemoveAllPrfTknsForUser) provides an interface to remove all profile tokens that have been generated for a specific user profile.
Remove Profile Tokens (QSYRMVPT) provides an interface to remove all profile tokens that have been generated for user profiles on the system, or to remove all profile tokens that have been generated for a specific user profile.
Set Encrypted User Password (QSYSUPWD) sets the encrypted password for the specified user profile by using the receiver variable that was retrieved by the Retrieve Encrypted User Password (QSYRUPWD) API.
Set Job User Identity (QWTSJUID) performs two operations that can be used to explicitly set the job user identity of the current job.
Set Job User Identity (QwtSetJuid()) sets the job user identity of the current job to the name of the current user profile of the job.
Set Profile Handle (QWTSETP, QsySetToProfileHandle) switches the job to run under a new profile.
Set To Profile Token (QSYSETPT, QsySetToPrfTkn) validates the profile token and changes the current thread to run under the user and group profiles represented by the profile token.
Sign Buffer (QYDOSGNB, QydoSignBuffer) allows the local system to certify that the series of bytes being signed is trustworthy.
Sign Object (QYDOSGNO, QydoSignObject) allows the local system to certify that the object being signed is trustworthy as of the time the object is being signed.
Verify Buffer (QYDOVFYB, QydoVerifyBuffer) allows the local system to verify that the series of bytes signed earlier has not been tampered with.
Verify Object (QYDOVFYO, QydoVerifyObject) checks to see if an object has changed since it was signed.