Password Approval Program (QPWDVLDPGM)

You can specify the Password Approval Program (QPWDVLDPGM) to control the validation of new passwords.

If *REGFAC or a program name is specified in the QPWDVLDPGM system value, the system runs one or more programs after the new password has passed any validation tests you specify in the password-control system values. You can use the programs to do additional checking of user-assigned passwords before they are accepted by the system.

A password approval program must be in the system auxiliary storage pool (ASP) or a basic user ASP.

Note: This system value is a restricted value. See Security system values for details on how to restrict changes to security system values and a complete list of the restricted system values.
Table 1. Possible values for the QPWDVLDPGM system value:
Value Description
*NONE No user-written program is used. This includes any password approval programs registered in the exit registration facility.
*REGFAC The validation program is retrieved from the registration facility, exit point QIBM_QSY_VLD_PASSWRD, format VLDP0100. More than one validation program can be specified in the registration facility. Each program will be called until one of them indicates that the password should be rejected or all of them have indicated the password is valid.
program-name Specify the name of the user-written validation program, from 1 through 10 characters. A program name cannot be specified when the current or pending value of the password level (QPWDLVL) system value is 2 or 3.
library-name Specify the name of the library where the user-written program is located. If the library name is not specified, the library list (*LIBL) of the user changing the system value is used to search for the program. QSYS is the recommended library.