CHECK_PASSWORD table function
The CHECK_PASSWORD table function checks whether an input value meets the password rules for the system. This function does not change the password for any user.
The password rules are composed of system values QPWDRQDDIF and either QPWDRULES or all of the following: QPWDMINLEN, QPWDMAXLEN, QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, and QPWDRQDDGT. System values QPWDPOSDIF and QPWDRULES *LMTSAMPOS are not enforced since a current password is not used for a comparison.
It is recommended that the password and optional authorization name should be provided using variables to avoid being visible as part of the statement text.
The function is similar to the Check Password Meets Password Rules (QSYCHKPR) API. If the password conforms to the password rules, exit programs registered under exit point QIBM_QSY_CHK_PASSWRD, format CHKP0200 are called to allow for additional verification.
- None required if authorization-name is *NONE, *CURRENT, or matches the effective user of the thread.
- Otherwise, the caller must have *SECADM special authority and *OBJMGT and *USE authorities to the user profile.
The schema is QSYS2.
- password
- A character string containing a password value to be checked.
- authorization-name
- A character or graphic string identifying the name of the user for which the password is being checked. The user profile name is used when checking the password rules for system values Required Difference in Passwords (QPWDRQDDIF) and Password Rule - password may not contain user name (QPWDRULES *LMTPRFNAME).
The result of the function is a table containing one row with the format shown in the following table. All columns are nullable.
Column Name | Data Type | Description |
---|---|---|
PASSWORD_VALID | VARCHAR(3) | Indicates whether the password validation was successful.
|
MESSAGE_ID | CHAR(7) | The message ID that indicates the failure
reason. Contains the null value if PASSWORD_VALID is YES. |
MESSAGE_TEXT | VARGRAPHIC(1024) CCSID 1200
|
First level message text corresponding to
MESSAGE_ID. Contains the null value if MESSAGE_ID is null. |
MESSAGE_SECOND_LEVEL_TEXT | VARGRAPHIC(4096) CCSID 1200
|
Second level message text corresponding to
MESSAGE_ID. Contains the null value if MESSAGE_ID is null. |
Example
- Check a potential new password to see if it meets the system password
rules.
SELECT * FROM TABLE(QSYS2.CHECK_PASSWORD('amIvalid?'));