ibmi-brunch-learn

Announcement

Collapse
No announcement yet.

Password syncing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password syncing

    I'm wondering if anyone has experience with synchronising passwords between IBM i systems.
    We are on V6R1 and have a very old password sync program (that still works), however it is designed around the also old password level 0. It hooks into the password validation exit point and encrypts the password and sends it to the other machines. It looks like our company is finally looking at moving into modern times with passwords and wants us to increase it to more than 10 chars etc so we'll need to change password levels which means the password syncing program will need to change. We have a huge number of other systems connecting to our IBM i's via a large number of mechanisms, hence the reason the company has been reluctant to move. SSO isn't viable for some of our other systems so it is not an option.
    I'm wondering if anyone has experience with this. I notice IBM supplies APIs to retrieve and set encrypted passwords which seems perfect for this however, IBM don't seem to supply an exit point to bung a program into. Our current synchronisation system uses the password validation exit point but the APIs can't be used there as the password hasn't changed at that point. The profile change exit might work, but it will be called for anything rather than just password changes. The documentation on that doesn't show an awful lot of detail either about what is passed to it apart from the user ID...

  • #2
    I think I've answered my own question. The documentation for the QIBM_QSY_CHK_PASSWRD exit point mentions this is called after a password is changed so it looks like this can be used.

    Comment

    Working...
    X