I'm working with OS V5R1. At present, I have a CL program that executes when the CHGPWD command is executed; this updates user profiles in some COTS software with the new passwords. I want to move to Level 2 passwords. In trying to accomplish this, I have discovered that I can no longer run a CL program from the QPWDVLDPGM system value it has to be *REGFAC or *NONE. So I set it to *REGFAC and I'm trying to run a validate password exit program to keep the user-profile passwords in sync. My problem seems to be that I cannot get the CHGPWD command to hand the new password off the exit program.
My guess is that you have either not registered the validation program, or that your exit program does not process the passwords correctly.
Using the WRKREGINF(Work with Registry Info) command you must register your exit program at exit point QIBM_QSY_VLD_PASSWRD.
You also must write your exit program to process the Level 2 password parameter structure. There is an excellent example in IBM's OS/400 Security Reference V5R1 ( SC41-5302-05) Page 45.
It is important to remember that the password validation program is only called when the CHGPWD command, or the Change Password (QSYCHGPW) API is used. It is NOT run when a CRTUSRPRF or CHGUSRPRF command is run.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400.com's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400.com Featured Topic: Secure your iSeries