Skip to Main Content
IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Workspace IBM i
Categories Security
Created by Guest
Created on Nov 4, 2020

Remove 8 character limitations for user id when using various communication methods.

https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzarl/rzarlusrid.htm
states:
"Some communications methods limit the user ID to eight characters."
I want those changed.


Use Case:

Users are chafing bad enough at the 10 character limitation. Dropping it to 8 seems unreasonable.


Idea priority Medium
  • Guest
    Reply
    |
    Dec 11, 2020

    IBM does not intend to provide a solution to this request at this time, so it is being closed.

    The limit of 8 characters is actually a limit of the user profile lengths imposed by other platforms.

    They are most often going to be other IBM platforms such as zOS (VM or MVS/TSO) that evolved using the SNA architecture or that support SNA with add-on packages such as AIX Communications Server or Microsoft Host Integration Server (HIS).

    Platforms such as zOS RACF may still limit based on their original SNA architecture for VM and MVS/TSO.
    AIX also had an 8 character limit, but has a LOGIN_NAME_MAX option allowing up to 256 character.

    IBM i supports interaction with these platforms by using SNA Distribution Services (SNADS) for communication.

    TCP/IP applications are not limited by legacy SNA applications and protocols with these other platforms.

    SSH code itself does not enforce this limit, the enforcement is done in PASE and controlled by the PASE_USRGRP_LIMITED variable. In addition, this behavior changed in 7.4, so that you must now set PASE_USRGRP_LIMITED=Y in order to enforce the 8 character username restriction and usernames greater than 8 are allowed by default.

    You will have to research the methods you are using and determine if moving to 10 character user IDs is appropriate for your environment.

  • Guest
    Reply
    |
    Dec 3, 2020

    IBM has received the requirement and is evaluating it. IBM will provide a response after evaluation is complete.

  • Guest
    Reply
    |
    Nov 5, 2020

    I totally agree. When using ssh on the i the user profile cannot be greater that eight characters which is a frustrating limitation.

  • Guest
    Reply
    |
    Nov 5, 2020

    I've encountered this issue with SSH, where users with 9 or 10 character usernames were unable to log in.

    This was fixed by setting the PASE_USRGRP_LIMITED environment variable to 'N', as described here: https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/apis/pase_environ.htm

    I'm not sure why this isn't the default, to be honest. Maybe to preserve compatibility with AIX software?

  • Guest
    Reply
    |
    Nov 5, 2020

    Morning Robberendt,

    This RFE seems rather general. Any methods in particular?
    What would be the business case / commercial advantage?

    I'm trying to think of the methods that would have the 8 character restriction? I thinking they might be the older "SNA" emulating / encapsulating types?
    If so, I'm not sure the effort would be worthwhile if there are TCP/IP methods that can use longer names.

    Please let us know more about the thinking behind this RFE.
    Best Wishes
    Steve Bradshaw
    IBM Champion, Member of the CEAC and Technical Director of the i-UG