Check Password Meets Password Rules (QSYCHKPR) API
Required Parameter Group:
| 1 | User profile name | Input | Char(10) |
| 2 | Password information | Input | Char(*) |
| 3 | Format | Input | Char(8) |
| 4 | Error code | I/O | Char(*) |
Default Public Authority: *USE
Threadsafe: No
The Check Password Meets Password Rules (QSYCHKPR) API checks if the password specified in the password information meets the password rules for the system on which this API is run. The password rules are composed of system values QPWDRQDDIF and either QPWDRULES or all of the following: QPWDMINLEN, QPWDMAXLEN, QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, and QPWDRQDDGT.
System values QPWDPOSDIF and QPWDRULES *LMTSAMPOS are not enforced since there isn't a current password to use for a comparison.
This API only checks the password, it does not actually change the user's password.
When the password successfully conforms to the password rules:
- No messages are sent by this API.
- No audit records are sent to the security audit journal.
- Exit programs registered under exit point QIBM_QSY_CHK_PASSWRD format CHKP0200 are called.
When the password does not conform to the password rules:
- An error message is sent by this API.
- No audit records are sent to the security audit journal.
- Exit programs are not called.
The QSYS2.CHECK_PASSWORD table function can be used as an alternative to this API. See CHECK_PASSWORD table function for more information.
Authorities and Locks
- If the user profile name is not *NONE, not *CURRENT, or not the user profile name of the currently running user, the caller of the API must have *SECADM special authority and *OBJMGT and *USE authorities to the user profile.
- API Public Authority
- *USE
Required Parameter Group
- User profile name
- INPUT; CHAR(10)
The name of the user for which the password is being checked. The user profile name is used when checking the password rules for system values QPWDRQDDIF (duplicate password control) and QPWDRULES *LMTPRFNAME (password may not contain user name).
You can specify the following special values:
*CURRENT The name of the currently running user is used as the user whose password is being checked. *NONE The password being checked is not associated with a user. The password rules specified by system values QPWDRQDDIF and QPWDRULES *LMTPRFNAME will not be enforced.
- Password information
- INPUT; CHAR(*)
The information for the password that will be checked against the password rules. See CKPR0100 Format for the definition of the fields for this parameter.
- Format
- INPUT; CHAR(8)
The name of the format that is used to check the password information. The following values are allowed:
CKPR0100 The password information.
- Error code
- I/O; CHAR(*)
The structure in which to return error information. For the format of the structure, see Error code parameter.
CKPR0100 Format
The following table describes the information that must be specified in the Password information parameter when format CKPR0100 is specified. For detailed descriptions of the fields in the tables, see Field Descriptions.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | BINARY(4) | Offset to password |
| 4 | 4 | BINARY(4) | Length of password |
| 8 | 8 | BINARY(4) | CCSID of password |
| CHAR(*) | Password | ||
Field Descriptions
CCSID of password. The CCSID of the password specified in the password field. For a list of valid CCSIDs, see the IBM i globalization topic collection.
The valid values are:
| -1 | The current password level for the system is used to determine the CCSID of the password data. When calling this API on password level 0 or 1, CCSID 37 is used. When calling this API on a password level greater than 1, the default CCSID (DFTCCSID) job attribute is used. |
| 0 | The CCSID of the job is used to determine the CCSID of the data to be converted. If the job CCSID is 65535, the CCSID from the default CCSID (DFTCCSID) job attribute is used. |
| 1-65533 | A valid CCSID in this range. |
Length of password. The length, in bytes, of the password field.
Offset to password. The offset from the beginning of the password information to the password field.
Password. The password value.
Error Messages
| Message ID | Error Message Text |
|---|---|
| CPF2204 E | User profile &1 not found. |
| CPF2207 E | Not authorized to use object &1 in library &3 type &2. |
| CPF22C0 E | Password does not meet password rules. Return code &1. |
| CPF22C2 E | Password less than &1 characters. |
| CPF22C3 E | Password longer than &1 characters. |
| CPF22C4 E | Password matches one of &1 previous passwords. |
| CPF22C5 E | Password contains one of the following: &1. |
| CPF22C6 E | Password contains two numbers next to each other. |
| CPF22C7 E | Password contains a character used more than once. |
| CPF22C8 E | Same character in same position as previous password. |
| CPF22C9 E | Password must contain a number. |
| CPF22D0 E | Password contains a character repeated consecutively. |
| CPF22D1 E | Password cannot be same as user name. |
| CPF22D2 E | Password approval program &1 not found. |
| CPF22D3 E | Password approval program signaled an error. |
| CPF22D4 E | Not allowed to use password approval program. |
| CPF22D5 E | Parameters in password approval program not correct. |
| CPF22F5 E | Value &1 for new password not allowed. |
| CPF222E E | &1 special authority is required. |
| CPF3BC7 E | CCSID &1 outside of valid range. |
| CPF3BDE E | CCSID &1 not supported by API. |
| CPF3C1D E | Length specified in parameter &1 not valid. |
| CPF3C21 E | Format name &1 is not valid. |
| CPF3C36 E | Number of parameters, &1, entered for this API was not valid. |
| CPF3C90 E | Literal value cannot be changed. |
| CPF3CF1 E | Error code parameter not valid. |
| CPF4AA7 E | Password value not valid. Reason code &1. |
| CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
API introduced: V7R5
[ Back to top | Security APIs | APIs by category ]