• Subject: Re: Password Validation API
  • From: "Leif Svalgaard" <leif@xxxxxxxx>
  • Date: Fri, 5 Jan 2001 09:29:45 -0600

> I think that using the get profile handle is the best choice because it is
> easy to use, it increments the incorrect password count for the user
> profile, and it audits the fact that an incorrect password was used. It
> also has the advantage that it is part of the system and it will be
> maintained and supported in future releases

just like Office Vision?
or QVTRMSTG?
or As/400 Firewall?
or ?

The QSYGETPH API follows this process:
Verifies that the user ID and password are correct. Incorrect passwords and
special cases are handled as follows:
On level 10 systems, only the user ID is validated because no passwords are
required.
If the password is not correct, the incorrect password count is increased.
(The QMAXSIGN system value contains the maximum number of incorrect attempts
to sign on.) If the QMAXSGNACN system value is set to disable the user
profile, repeated attempts to validate an incorrect password disable the user
ID. This keeps applications from methodically determining user passwords.
If the user ID is *CURRENT, the QSYGETPH API does not verify the password.
If the password is *NOPWD, the user requesting the profile handle must have
*USE authority to the user profile.
If the user profile is disabled or the password is expired, the call ends
without generating a profile handle.
To obtain a profile handle for a profile that does not have a password,
specify *NOPWD for the password parameter. You cannot obtain a profile handle
for the following system-supplied user profiles:

           QDBSHR    QFNC        QNETSPLF  QSPLJOB
           QDFTOWN   QGATE       QRJE      QSYS
           QDOC      QLPAUTO     QSNADS    QMSF
           QDSNX     QLPINSTALL  QSPL      QTSTRQS

A single job can create up to 25574 profile handles; after that, the space to
store them is full. Message CPF22E6 is sent to the application, and QSYGETPH
stops generating profile handles.

Updates the last-used date for the user and group profiles.
Resets the signon attempts not valid count to zero.
If security-related events are being audited, adds an entry to the QAUDJRN
audit journal to indicate that a profile handle is created.


----

If this behavior is what you want, QSYGETPH is for you, otherwise use the
direct method.

----

BTW the above was taken from V3R2 documentation, but QSYGETPH has been
removed from
V4R5 documentation or has been moved (IBM playing their usual shell game
here).




+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].