Validate Password Exit Program
Required Parameter:
1 | Validate password exit information | Input | Char(*) |
2 | Return indicator | Output | Char(1) |
QSYSINC Member Name: EVLDPWD1
Exit Point Name: QIBM_QSY_VLD_PASSWRD
Exit Point Format Name: VLDP0100, VLDP0200
The Validate Password exit program is called when a password is changed.
- The programs registered under format VLDP0100 are called when the Change Password (CHGPWD) command or Change Password (QSYCHGPW) API is executed.
- The programs registered under format VLDP0200 are called when the Create User Profile (CRTUSRPRF) command or Change User Profile (CHGUSRPRF) command is executed and the system value QPWDRULES contains the value *ALLCRTCHG.
The exit program examines the old and new password values for conformance with customer unique password composition rules. The exit program returns an indication whether the new password should be accepted or rejected. The exit point supports multiple exit programs. However, additional exit programs will not be called after receiving a indication that the new password should be rejected from one of the exit programs. (For information about adding an exit program to an exit point, see the Registration Facility part.)
Any escape message received from an exit program or encountered while trying to call an exit program, will be treated as an indication that the new password should be rejected.
The specified exit program must exist in the system auxiliary storage pool (ASP) or one of the basic user ASPs at the time it is added to the registration facility. If the program does not exist, the request to add the exit program will be rejected.
The exit program must exist in the system ASP or one of the basic user ASPs at the time the exit point attempts to locate the exit program. If the specified exit program does not exist in the system ASP or one of the basic user ASPs, the condition will be treated as an indication that the new password should be rejected.
Note: The QPWDVLDPGM system value must be set to the value *REGFAC. If the QPWDVLDPGM system value contains any other value, the validate password exit programs will not be called.
Authorities and Locks
- User Profile Authority
- *ALLOBJ and *SECADM to add or remove exit programs to the registration facility
Required Parameter
- Validate password exit information
- INPUT; CHAR(*)
Information needed by the exit program for notification of any profile changes. For details, see Format of Validate Password Exit Information.
- Return indicator
- OUTPUT; CHAR(1)
Indicates whether the new password should be accepted or rejected.
'0' Indicates that the new password should be accepted. '1' Indicates that the new password should be rejected. Note: Any value other than '0' indicates that the new password should be rejected.
Validate Password Exit Information
The following table shows the structure of the validate password exit information. For a description of the fields in this format, see Field Descriptions.
Offset | Type | Field | |
---|---|---|---|
Dec | Hex | ||
0 | 0 | CHAR(20) | Exit point name |
20 | 14 | CHAR(8) | Exit point format name |
28 | 1C | BINARY(4) | Password level |
32 | 20 | CHAR(10) | User profile name |
42 | 2A | CHAR(2) | Reserved |
44 | 2C | BINARY(4) | Offset to old password |
48 | 30 | BINARY(4) | Length of old password |
52 | 34 | BINARY(4) | CCSID of old password |
56 | 38 | BINARY(4) | Offset to new password |
60 | 3C | BINARY(4) | Length of new password |
64 | 40 | BINARY(4) | CCSID of new password |
CHAR(*) | Old password | ||
CHAR(*) | New password |
Field Descriptions
CCSID of new password. The CCSID of the new password field. For a list of valid CCSIDs, see the i5/OS globalization topic collection.
When called by the CRTUSRPRF command or the CHGUSRPRF command for format VLDP0200, this CCSID value will be 13488.
CCSID of old password. The CCSID of the old password field. For a list of valid CCSIDs, see i5/OS globalization.
When called by the CRTUSRPRF command or the CHGUSRPRF command for format VLDP0200, this CCSID value will be 13488.
Exit point format name. The format name for the Change User Profile exit program. The possible format name is:
VLDP0100 | The format name that is used before a user password is changed by the CHGPWD command or QSYCHGPW API. |
VLDP0200 | The format name that is used before a user password is changed by the CRTUSRPRF command or the CHGUSRPRF command. |
Exit point name. The name of the exit point that calls the exit program.
Length of new password. The length, in bytes, of the new password field.
When called by the QSYCHGPW API, this is the length supplied to (or defaulted to) the QSYCHGPW API. It may include trailing blank or null characters which are removed by the system before changing the password.
When called by the CHGPWD command, this is the length of the actual password with any trailing blank or null characters removed.
When called by the CRTUSRPRF command or the CHGUSRPRF command for format VLDP0200, this is the length of the new password in CCSID 13488 with any trailing blank or null characters removed.
Length of old password. The length, in bytes, of the old password field.
When called by the QSYCHGPW API, this is the length supplied to (or defaulted to) the QSYCHGPW API. It may include trailing blank or null characters which are removed by the system before changing the password.
When called by the CHGPWD command, this is the length of the actual password with any trailing blank or null characters removed.
When called by the CRTUSRPRF command or the CHGUSRPRF command for format VLDP0200, this length value will be 12. The old password value is not available so a value of *NOPWD in CCSID 13488 is used. This allows the format of the information passed to the QIBM_QSY_CHK_PASSWRD and QIBM_QSY_VLD_PASSWRD exit programs to be the same.
New password. The new password value.
When called by the CRTUSRPRF command or the CHGUSRPRF command for format VLDP0200, this value is the new password in CCSID 13488 with any trailing blank or null characters removed.
Offset to new password. The offset from the beginning of the validate password exit information to the new password field.
When called by the QSYCHGPW API, this is the length supplied to (or defaulted to) the QSYCHGPW API. It may include trailing blank or null characters which are removed by the system before changing the password.
Offset to old password. The offset from the beginning of the validate password exit information to the old password field.
Old password. The old password value.
When called by the CRTUSRPRF command or the CHGUSRPRF command for format VLDP0200, the old password value is not available so a value of *NOPWD in CCSID 13488 is used. This allows the format of the information passed to the QIBM_QSY_CHK_PASSWRD and QIBM_QSY_VLD_PASSWRD exit programs to be the same.
Password level. The password level in affect for the system. See the QPWDLVL system value for a description of the possible values.
User profile name. The name of the user profile whose password is being changed.
API introduced: V3R1
[ Back to top | Security APIs | APIs by category ]