Previous Topic: PASSCHNG User ExitNext Topic: POSTMOVE User Exit

Reference GuideUser Exit ReferencePASSWORD User Exit

PASSWORD User Exit

Use the PASSWORD user exit to accept or reject the new logon password being specified.

The PASSWORD user exit has this syntax:

PASSWORD userid userid2 newpw oldpw [date [newpw [pwlist]]]

Definitions

userid

Specifies the user ID that is changing the password.

userid2

Specifies the user ID whose password is being changed.

newpw

Specifies the new password.

If you are using password encryption (PEF) this parameter is encrypted. The plain text version of this password is stored in the newpw parameter following date.

If you are configured for password phrases, then the newpw will be a quoted string, if it contains embedded blanks.

The sample user exit provided illustrates the techniques needed for parsing quoted string arguments.

oldpw

Specifies the old password.

If you are configured for password phrases, then the oldpw will be a quoted string, if it contains embedded blanks.

The sample user exit provided illustrates the techniques needed for parsing quoted string arguments.

date

Specifies the date on which the logon password was last changed, in the format yy/mm/dd. If the logon password has never been changed, no date is provided. If no date is available because the user’s directory entry has no password history statement, an asterisk is passed as the date. When the user exit is called for expired passwords during a LOGON process, an asterisk is passed as the date.

newpw

Specifies the plain text version of the new password and appears in the parameter list only if the Password Encryption Facility is installed.

If you are configured for password phrases, then the newpw will be a quoted string, if it contains embedded blanks.

The sample user exit provided illustrates the techniques needed for parsing quoted string arguments.

pwlist

Specifies a list of previously used passwords, as a string of tokens separated by blanks. This information is supplied only if the directory entry for the virtual machine has a password history statement.

Note: If the Password Encryption Facility (PEF) is installed, all passwords in the parameter list (newpw, oldpw, pwlist) are encrypted except the new plain text password.

The date parameter and the unencrypted new password (newpw) parameter are always passed to the PASSWORD exit if PEF is installed.

Return Codes

The following table describes the return codes:

Return Code

Meaning

0

Password is accepted

4

Password is accepted, and a message is stacked; the length limit of the message is 67 bytes

8

Password is rejected, and a message is stacked; the length limit of the message is 67 bytes

Macros

The following macros call the PASSWORD user exit:

Called by

Optimized Macro Name

Under These Circumstances

VMXFPC00

FORCEPWC

A logon password that has expired is changed at logon time for a user ID. When the Rules Facility is not implemented, VMXFPC00 is also called at logon time when the user IDs password has been newly created or reset with the MANAGE, MAINT MANAGE, PASSWORD, or ADMIN commands

VMXIPL00

IPLEDPGM

When the Rules Facility is not implemented, a logon password is changed at logon time for a new user ID or a user password has been expired

VMXMAI00

MAINT

A logon password is changed using the MAINT command

VMXUSE80

USE00080

A logon password is changed using the USER command