I am curious on your thoughts about the QSYRUPWD and QSYSUPWD API's which are Retrieve Encrypted password and Set Encrypted password. Quite awhile back, I wrote a procedural interfce to these API's and used them in a small RPGLE program that would prompt for the Userid that I wanted to use.
ie. I supplied the Userid called 'CHUCK'...The program would then call the retrieve encrypted password api into memory for CHUCK, and then call QCMD. So having sufficient authority...I changed CHUCK's password, flip to another session and login as CHUCK, do what I want as CHUCK, then log out.
Flip back to the other session still on QCMD after changing CHUCK's password, and upon exit, my little RPGLE program sets the encrypted password from the same memory it was retrieved to. In other words, logon as another user, do whatever, log off and the User never knows the difference. All without ever knowing the user's original pasword.
Now here's the kick...I'm pretty sure even though we had password rules in place not allowing the re-use of "old" passwords, it still worked. Like these API's apparently worked underneath the covers of password rules. It was back at v5r4 I believe. Anyone have any thoughts on these API's.
There is equivalent SQL commands for doing the same within Oracle databases, don't know about any others at this point.
ie. I supplied the Userid called 'CHUCK'...The program would then call the retrieve encrypted password api into memory for CHUCK, and then call QCMD. So having sufficient authority...I changed CHUCK's password, flip to another session and login as CHUCK, do what I want as CHUCK, then log out.
Flip back to the other session still on QCMD after changing CHUCK's password, and upon exit, my little RPGLE program sets the encrypted password from the same memory it was retrieved to. In other words, logon as another user, do whatever, log off and the User never knows the difference. All without ever knowing the user's original pasword.
Now here's the kick...I'm pretty sure even though we had password rules in place not allowing the re-use of "old" passwords, it still worked. Like these API's apparently worked underneath the covers of password rules. It was back at v5r4 I believe. Anyone have any thoughts on these API's.
There is equivalent SQL commands for doing the same within Oracle databases, don't know about any others at this point.
Comment