|
|
|
&SECCALL CHECK Provides the ability to determine whether the nominated user ID and password combination would be allowed to log on to the system in which the NCL procedure is executing.
&SECCALL CHECK USERID=userid
PWD=password
Operands:
The user ID of the target user for which the check is to be performed. The user ID must be 1 to 8 characters long and defined to the security subsystem. The call is valid only for the issuing user ID or from an EASINET NCL procedure.
The current password of the user ID.
Return Codes:
The result of the CHECK function is indicated by the setting of &RETCODE as follows:
The password is correct and logon to this system would be successful.
The password is correct but logon would fail for other reasons. &SYSMSG is set to contain an error message indicating the cause of the failure. The conditions under which your product region sets this return code are:
If a security exit is installed, the exit may refuse logons for other reasons. An appropriate error message is set in &SYSMSG.
Password is correct but it has expired. Logon would succeed but the user is required to change their password.
Password is correct but this is a new user ID definition. Logon would succeed but the user is required to change their password.
Password is invalid. Logon fails
User ID is unknown. Logon fails.
Request failed or the function is not available.
Password is valid but the user ID is not defined as a user on UAMS. (This applies only if a partial exit is in place.)
The return codes from the &SECCALL CHECK function are supported as documented by native UAMS processing. The &ZFDBK system variable reflects the setting of the return code as set by the security exit.
Note: For more information about these return code settings, see the Security Guide.
Notes:
If a security exit is in use, the CHECK call is handled by the exit. The exit may choose to support the same return codes for the same results, or it may not. Check the return codes supported by your security exit before using the CHECK option of &SECCALL.
The CHECK call completing with return code 28 indicates that the security exit has verified the user ID/password combination as valid, but the user ID is not actually defined to your product region as a valid user. This is common in cases where EASINET is used as the network security gateway and user ID/password checking is performed by your product region before the user is allowed to access any application in the network. In these circumstances user ID/password validation is performed for users who may not have access to your product region but do have access to other network applications.
If a security exit is in place, then &ZFDBK reflects the value of the return code set by the security exit. This is useful as supplemental information to &RETCODE. For example, if a user who is not authorized for multiple signons attempts to unlock his terminal, an &SECCALL CHECK is executed on his behalf. As the user is already signed on, &SECCALL CHECK returns an &RETCODE of 4. If the user's password expires while the terminal is locked, &RETCODE is still 4. It is not possible to discern from &RETCODE that the password has expired. However, in the first case, &ZFDBK is set to 0, and with the expired password condition, it is set to 4. The $NMLOCK procedure is then able to determine that the password has expired and react accordingly.
The call is valid only for the issuing user ID or from an EASINET NCL procedure.
| Copyright © 2009 CA. All rights reserved. |
|