
CHECK_PASSWORD table function

The CHECK_PASSWORD table function checks whether an input value meets the password rules for the system. This function does not change the password for any user.

The password rules are composed of system values QPWDRQDDIF and either QPWDRULES or all of the following: QPWDMINLEN, QPWDMAXLEN, QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, and QPWDRQDDGT. System values QPWDPOSDIF and QPWDRULES *LMTSAMPOS are not enforced since a current password is not used for a comparison.

Provide the password and the optional authorization name through variables so that they are not visible as part of the statement text.

The function is similar to the Check Password Meets Password Rules (QSYCHKPR) API. If the password conforms to the password rules, exit programs registered under exit point QIBM_QSY_CHK_PASSWRD, format CHKP0200 are called to allow for additional verification.

Authorization:
  • None required if authorization-name is *NONE, *CURRENT, or matches the effective user of the thread.
  • Otherwise, the caller must have *SECADM special authority and *OBJMGT and *USE authorities to the user profile.
CHECK_PASSWORD( PASSWORD => password, AUTHORIZATION_NAME => authorization-name )

The schema is QSYS2.

password
A character string containing a password value to be checked.
authorization-name
A character or graphic string identifying the name of the user for which the password is being checked. The user profile name is used when checking the password rules for system values Required Difference in Passwords (QPWDRQDDIF) and Password Rule - password may not contain user name (QPWDRULES *LMTPRFNAME).
Can contain the following special values:
*CURRENT
The name of the currently running user is used as the user whose password is being checked.
*NONE
The password being checked is not associated with a user. The password rules specified by system values Required Difference in Passwords (QPWDRQDDIF) and Password Rule - password may not contain user name (QPWDRULES *LMTPRFNAME) do not influence the password checking since they apply to a specific user profile. This is the default.

The result of the function is a table containing one row with the format shown in the following table. All columns are nullable.

Table 1. CHECK_PASSWORD table function

| Column Name | Data Type | Description |
|---|---|---|
| PASSWORD_VALID | VARCHAR(3) | Indicates whether the password validation was successful. NO: The password does not meet the system rules. YES: The password meets the system rules. |
| MESSAGE_ID | CHAR(7) | The message ID that indicates the failure reason. Contains the null value if PASSWORD_VALID is YES. |
| MESSAGE_TEXT | VARGRAPHIC(1024) CCSID 1200 | First level message text corresponding to MESSAGE_ID. Contains the null value if MESSAGE_ID is null. |
| MESSAGE_SECOND_LEVEL_TEXT | VARGRAPHIC(4096) CCSID 1200 | Second level message text corresponding to MESSAGE_ID. Contains the null value if MESSAGE_ID is null. |

Example

  • Check a potential new password to see if it meets the system password rules.
    SELECT * FROM TABLE(QSYS2.CHECK_PASSWORD('amIvalid?'));
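
The recommendation above to pass the password and authorization name through variables can be followed with a wrapper procedure. This is an added example, not part of the original documentation; the library MYLIB, the procedure and parameter names, and the VARCHAR lengths are assumptions.

```sql
-- Added example: wrap CHECK_PASSWORD so callers bind the candidate password
-- as a parameter instead of embedding it as a literal in statement text.
-- MYLIB, the procedure name, the parameter names and the VARCHAR lengths
-- are assumptions chosen for illustration.
CREATE OR REPLACE PROCEDURE MYLIB.VALIDATE_CANDIDATE_PASSWORD (
    IN  P_PASSWORD     VARCHAR(128),   -- candidate value to check
    IN  P_USER         VARCHAR(10),    -- profile name, *CURRENT or *NONE
    OUT P_VALID        VARCHAR(3),     -- YES or NO
    OUT P_MESSAGE_ID   CHAR(7),        -- null when P_VALID is YES
    OUT P_MESSAGE_TEXT VARGRAPHIC(1024) CCSID 1200
)
LANGUAGE SQL
BEGIN
    -- The function returns exactly one row, so SELECT INTO is sufficient.
    SELECT PASSWORD_VALID, MESSAGE_ID, MESSAGE_TEXT
      INTO P_VALID, P_MESSAGE_ID, P_MESSAGE_TEXT
      FROM TABLE(QSYS2.CHECK_PASSWORD(
                   PASSWORD           => P_PASSWORD,
                   AUTHORIZATION_NAME => P_USER));
END;

-- Call it from the client with parameter markers so that the password
-- travels as bound data rather than as part of the statement text:
--   CALL MYLIB.VALIDATE_CANDIDATE_PASSWORD(?, ?, ?, ?, ?);
```

Passing a value other than *NONE, *CURRENT or the effective user of the thread in P_USER is subject to the authorization requirements listed above.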
    