Re: Password Validation API

I would create a user profile ... say CHKPWD

Then when passed the password to be checked I would run

CHGUSRPRF USRPRF(CHKPWD) PASSWORD(&PASSWORD)

MONMSG MSGID(CPF4AC2) EXEC(DO) /* Password does not +
meet all password rules. */
CHGVAR VAR(&RTNCDE) VALUE('Fail')


That would be a simple solution


Don



From: "Steve McKay" <samckay1@xxxxxxxxx>
To: "Midrange Systems Technical Discussion"
<midrange-l@xxxxxxxxxxxxxxxxxx>
Date: 03/02/2023 06:59 AM
Subject: Password Validation API
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>



All -

Is there an API (or other method) that will validate a password against
the
QPWD* system values without an associated user name? I just want to feed
the password to the API or program and get back a 'YES'/'NO' indicating it
passed/failed the QPWD* system value composition rules.

We are trying to build a process that will accept user profile
add/change/delete requests from a non-IBM i product. We would like to
allow the admins of the product to enter a non-user user profile and the
desired password into the product. Then we would run a scrub program on
the data coming into the IBM i to check the password against IBM i QPWD*
system values to be sure that it will pass when we use it in the CRTUSRPRF
command.

I have looked at the QSYCHGPW API but it wants an existing user profile
and
password. I have also looked at the Validate Password Exit Point/Program
but we don't want to do this for all user password changes, only the new
non-user profile/password requests from the 3rd party product.

We understand that there are probably better ways to do this but, for a
narrow scope of non-user profiles, we would like to provide this
functionality without writing our own program.

Any suggestions?

Thanks,

Steve McKay
(205) 585-8424
samckay1@xxxxxxxxx