Kisco Systems

Kisco U

Working with exit programs on IBM i

Home : Kisco U : Working with exit programs on IBM i

The IBM i OS will send two parameters to your exit program:

  • Parameter one is of variable length. It sends details about the request and is different for each exit points.
  • Parameter two is a single byte binary parameter that the exit program will pass back to the OS. Passing back a zero tells that OS that all is well. Passing back a value of one ('1') tells the OS that there is something wrong.

An exit point can have multiple "formats" which describe the different ways that the OS calls the program.

Each exit point is subject to OS rules about when it is called.

Example - checking a password

The input parameter will include the user profile, the old password, the new password and other information depending on the level of the IBM i OS. The password information is passed in plain text, so the exit program has to be sensitive to this. Passwords should NEVER be stored in a database or data area for any reason as this would create a serious security exposure. It is also important to know that the exit program will only be called when all other password checks in the IBM i OS have been satisfied. If another rule is not met, the exit program will not be called.

Once the program has been created and tested it needs to be registered to the IBM i OS. Refer here for help with registering exit programs.

The password validation exit is called QIBM_QSY_VLD_PASSWRD. There are two formats. Plan on coding for both:

  • VLDP0100: called whenever a change password is run on your system either from the command line or via an API call

  • VLDP0200: called whenever a Create User Profile or Change User Profile command is run and the system value QPWDRULES contains the special value *ALLCRTCHG

Refer to the IBM i documentation for details about this exit point.

The easiest way to find the relevant documentation for any exit point is to Google "IBM i" plus the format code for a given exit point.