Re: Password validation API

["Ed Fishel" <edfishel@xxxxxxxxxx>]

Fran,

>>Is there a way to validate a password for a user profile other than the
one who is signed on?<<

Take a look at the following three APIs. Get Profile Handle (QSYGETPH) API,
Set Profile (QWTSETP) API, and Release Profile Handle (QSYRLSPH) API which
are documented at
http://publib.boulder.ibm.com/pubs/html/as400/v4r5/ic2924/info/apis/QSYGETPH.htm,
http://publib.boulder.ibm.com/pubs/html/as400/v4r5/ic2924/info/apis/QWTSETP.htm,

and
http://publib.boulder.ibm.com/pubs/html/as400/v4r5/ic2924/info/apis/QSYRLSPH.htm.


The Get Profile Handle API will take a user-ID and a password, verify the
password and then return a profile handle. The handle can be used to swap
the user profile of the job.

>>The reasoning is that a supervisor could assign a task to a user who does
not have authority to that particular menu option. The supervisor would
then enter his own operator/password combination. When the user leaves the
menu option, the authority is removed.<<

This sounds to me like you are planning to store the supervisors password
and then verify it at a later time. It is never a good idea for a normal
application to store a password. If you need to swap user profile of the
job to the supervisor then it may be better to use a program that uses
adopted authority. A program that adopts the supervisors authority can use
the Get Profile Handle API to get a profile handle for the supervisor
without needing to use the supervisors password. You can then use that
handle to swap the user profile of the job.

Ed Fishel,
edfishel@US.IBM.COM


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---