Skip to Main Content
IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Workspace IBM i
Created by Guest
Created on Nov 30, 2016

Allows messages to be changed in 5250 emulator dialog boxes

When you launch the 5250 emulator from the IBM i Access Client Solutions component (version 1.1.4), and enter a user profile and password in the Windows box, if the user profile and/or the password is incorrect, a Windows dialog box is displayed and an error message indicating the user profile is incorrect or the password is incorrect.

We would like the ability to change the messages that appear in the Windows dialog box, when the sign-on fails.


Use Case:

System: IBM i 5250 access
Actor: End-user

Use case:
Launch a 5250 emulator and enter the user profile and password.


Idea priority High
  • Guest
    Reply
    |
    Jun 27, 2023

    In V7R5 OS, there was a changed to address this issue for jdbc / acs connection

    ===

    Ref: https://www.ibm.com/docs/en/i/7.5?topic=changes-system-security

    - Interfaces that authenticate a user profile and password now send one message or return code for user profile not found and password not correct.

    - For example, green screen sign on will send CPF1120 for user does not exist and password not correct. CPF1107 for password not correct will no longer be sent.

    - Change User Password (QSYCHGPW), Get Profile Handle QSYGETPH,QsyGetProfileHandle), Generate Profile Token (QSYGENPT), and Generate ProfileToken Extended (QsyGenPrfTknE) APIs now send CPF22E2 for user profile not found and password not correct.

    CPF9801 or CPF2204 will no longer be sent when both the user ID and password are specified (special value for password not specified).

  • Guest
    Reply
    |
    May 4, 2022
    Interfaces that authenticate a user ID and password now send one message or return code for user
    profile not found and password not correct. For example, green screen sign on will send CPF1120 for user
    profile not found and password not correct. CPF1107 for password not correct will no longer be sent.

    IBM Power Systems Development
  • Guest
    Reply
    |
    Aug 2, 2021

    IBM is continuing to work towards a solution for a single error message when either the user profile or password is incorrect.

  • Guest
    Reply
    |
    Aug 24, 2020

    The CEAC has reviewed this requirement and recommends that IBM view this as a MEDIUM priority requirement that should be addressed.

    Background: The COMMON Europe Advisory Council (CEAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CEAC has a crucial role in working with IBM i development to help assess the value and impact of individual RFEs on the broader IBM i community and has therefore reviewed your RFE.

    To find out how CEAC help to shape the future of IBM i, see CEAC @ ibm.biz/BdYSYj and the article "The Five Hottest IBM i RFEs Of The Quarter" at ibm.biz/BdYSZT

    Therese Eaton – CEAC Program Manager, IBM

  • Guest
    Reply
    |
    Jul 3, 2020

    Greetings one and all,

    As a workaround, you can use the CHGMSGD command to change the message you get to be something more generic

    For example, issuing the following command would change the "CPF1107 - Password not correct for user profile" message to 'Invalid sign on attempt'

    CHGMSGD MSGID(CPF1107) MSGF(QCPFMSG) MSG('Invalid sign on attempt')

    You should also consider using this method to "anoymise" the following messages, that way you will get the exact same text regardless of the reason.

    CPF1108 USRPRF &1 not found for JOBD &2 in &3.
    CPF1109 Not authorized to subsystem.
    CPF1110 Not authorized to work station.
    CPF1116 Next not valid sign-on attempt varies off
    CPF1117 User &1 not accessible.
    CPF1118 No password associated with user &1
    CPF1120 - User &1 does not exist.
    CPF1392 Next not valid sign-on disables user profile
    CPF1393 User profile &2 has been disabled.
    CPF1394 User profile &1 cannot sign on.
    CPIAD06 - Invalid sign on attempt made.

    You will need to do this every time you upgrade your operating system but as the change does not require any downtime and takes effect immediately.

    Just as an FYI I believe there is a TAATOOL create called CHGSGNERRT
    e.g. CHGSGNERRT ERRTXT('Invalid signon.')
    My understanding is that this tool does something similar but just for messages CPF1107 and CPF1120

    Hope this helps,
    Steve Bradshaw
    IBM Champion and CEAC Member

  • Guest
    Reply
    |
    Dec 10, 2019

    The CAAC has reviewed this requirement and recommends that IBM view this as a high priority requirement that is important to be addressed. This is a security issue that should be addressed. The message is too specific about the user -- IBM should fix that. Allowing the customer to change the message themselves is a bad idea since a malicious user could change it to whatever they want ...

  • Guest
    Reply
    |
    Sep 13, 2019

    IBM agrees with the request and intends to provide a solution in a future release. These plans may change and no commitment is made that a solution will be provided.

  • Guest
    Reply
    |
    Jan 13, 2017

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - Power Systems
    Product - IBM i
    Component - Work Management and Messaging
    Operating system - IBM i
    Source - None

    For recording keeping, the previous attributes were:
    Brand - Servers and Systems Software
    Product family - Power Systems
    Product - IBM i
    Component - iAccess
    Operating system - IBM i
    Source - None

  • Guest
    Reply
    |
    Nov 30, 2016

    Attachment (Use case): This was the document as attached to the PMR.

0 MERGED

Possibility to customize error message in case of failed iNavigator login attempt

Merged
During security testing client discovered that it is possible to enumerate system users by specifing the IDs and getting the message that user does not exist on the system. Client treats this as a possible security risk and is asking for possibili...
over 6 years ago in IBM i / Work Management and Messaging 4 Delivered
5 MERGED

IBM i Sign on Screen

Merged
Fiserv is working to Obtain PCi Standards Certification, we Have one Issue with UserName Enumeration, the Signon error will be "UserName not found or Incorrect Password" to be compliance we need to change some CWBSY* messsages (0001, 0002) etc.. w...
about 8 years ago in IBM i / IBM i Access Family 4 Delivered
13 MERGED

Change Message ID Text MSGSY1007 for example on ACS to a general text with no hint to wrong user or password

Merged
Change Message ID Text MSGSY1007 for example on ACS to a general text with no hint to wrong user or password Use Case: An attacker can see if he fills in a wrong user or a wrong password and has so the possibilty to find out valid user names
almost 3 years ago in IBM i / IBM i Access Family 2 Delivered
0 MERGED

IBM i Access for Windows - Change reply message on failed log in

Merged
For security reasons we want to modify the prompt, which IBM i Client Access for Windows will return when the user enters a wrong login credentials. We are using IBM i Access for Windows version 7.1.0.SI57907 Scenario-1: If you enter a wrong user ...
over 7 years ago in IBM i / Work Management and Messaging 4 Delivered
0 MERGED

iAccess message text modification

Merged
Due to my cutomers company security regulations an unsuccessful signon attempt - wrong user or wrong password - should result in a message with no information what was wrong. I.e. "LOGIN ATTEMPT FAILED".Back in those green screen times we would mo...
almost 4 years ago in IBM i / IBM i Access Family 5 Delivered