Skip to Main Content
IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Future consideration
Workspace IBM i
Categories IBM i Access Family
Created by Guest
Created on Apr 30, 2024

Allow user interface to turn off server authentication in 5250 console HOD sessions

When configuring a 5250 session in ACS, you can toggle on and off SSL Server Authentication in a regular session, but if you create a 5250 console session you must find and manually edit the SSLServerAuthentication and PoxySSLServerAuthentication lines in the HOD file The file itself is hard to find, especially on a shared server.

Idea priority Medium
  • Admin
    Carmelita Ruvalcaba Cevallos
    Reply
    |
    Jul 16, 2024

    The CAAC has reviewed this IBM Idea and recommends that IBM view this as a “nice to have” low priority feature.

    The ability to configure the SSL for none Console HOD should also be included for the Console HOD files.

    Background: The COMMON Americas Advisory Council (CAAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CAAC has a key role in working with IBM i development to help assess the value and impact of individual IBM Ideas on the broader IBM i community and has therefore reviewed your Idea.

    For more information about CAAC, see www.common.org/caac

    Carmelita Ruvalcaba - CAAC Program Manager

  • Guest
    Reply
    |
    May 22, 2024
    Thank you for submitting your Idea to enhance IBM i Access Client Solutions (ACS). We understand the request and will consider it for a future update though no commitment is made nor implied.
    IBM Power Systems Development
  • Guest
    Reply
    |
    May 15, 2024

    This is odd as we'd have no reason to make Serve Authentication the default, yet we see that (bit not always).


    Our sessions are mainly in

    \\ecp.ensono.com\rdsshare\appconfigs\IBM\IBM\iAccessClient\Emulator

    HOD files either to "normal" 5250 sessions or console sessions we create as HOD files pointing to HMC.


    The console sessions we create via System Configuration are in \\ecp.ensono.com\rdsshare\appconfigs\IBM\IBM\iAccessClient\OpCon\Sessions\hmc\<hmc IP>\u\<server name> with switches e.g,:

    \\ecp.ensono.com\rdsshare\appconfigs\IBM\IBM\iAccessClient\OpCon\Sessions\hmc\172.16.22.22.hbi.nat64\u\server-8203-e4a-sn10650c5.1.hod -s=A -w=1 -t=0 -p=426,59 -d=976,615

    I also see HOD files in \\ecp.ensono.com\rdsshare\appconfigs\IBM\IBM\iAccessClient\


    I see we have multiple default.hod files with SSLServerAuthentication=true - for example:

    \\ecp.ensono.com\rdsshare\appconfigs\IBM\IBM\iAccessClient\OpCon\Sessions\hmc\10.1.137.17\s\default.hod


    I searched all HOD files in the \\ecp.ensono.com\rdsshare\appconfigs\IBM\IBM\iAccessClient directory and subdirectories and came up with 146 *.HOD files out of 631. Some of these I think still work as the HMCs or system telnet are set to non-SSL (which we are trying to eliminate).



  • Guest
    Reply
    |
    May 14, 2024

    As this is a shared server, locating files is sometimes difficult and possible we'd locate incorrect HOD file.  It would be much easier and less fraught with error if we could just toggle server authentication on and off in the HMC console session as we can in a non-console 5250 session. 

  • Guest
    Reply
    |
    May 6, 2024
    Thank you for submitting your Idea to enhance IBM i Access Client Solutions (ACS). By default, Server Authentication is not enabled for new 5250 configurations. However, if you enabled Server Authentication for a 5250 session and then selected Communication-->Set As Default Profile, then all new 5250 configurations that get created from that point on will have Server Authentication enabled by default. Existing configurations remain unchanged. This is probably how Server Authentication got set in a newly configured console session. You have a couple options:
    1. Make sure Server Authentication is not enabled in the hod default profile (acsdisplay.hod).
    2. You could also delete the acsdisplay.hod file in <config_path>\ iAccessClient\Emulator This will cause ACS to use the shipped defaults when creating new 5250 sessions.
    Then delete the hod file for the console that has Server Authentication enabled and recreate it. Are either of those 2 options acceptable?

    IBM Power Systems Development
    1 reply