IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Under review
Workspace IBM i
Categories Web Serving
Created by Guest
Created on Jun 30, 2025

RELATED IDEAS

Security java toolbox vs Job batch

We are encountering more and more standard processes that use the Java Toolbox, particularly when using IWS servers.
My company and I have identified cases of interference between these processes and the batch jobs that use them.
For years, we have advised our clients to increase the security of their systems by using users that do not have the ability to log in, PASSWORD(*NONE), for their batch jobs, along with other recommendations that have nothing to do with this topic.
The use of the Java Toolbox, such as implementing basic authentication via a validation list on the IWS application server, can be problematic. If the server uses a user without a password, authentication is systematically refused. The only way to use a user with a password for the server job is to use a user with a password.
Another case is starting IWS servers via a shell script in a batch job. If the batch is launched with a user without a password, the server will not start. With the same batch and a user with a password, the server starts.
In both cases, we didn't provide the user's password; it's transparent to the batches.
To use processes using the Java Toolbox, it's necessary to have a password for the user, thereby lowering the security of our OS by adding a password to users not intended to open a session. We don't think this compromise is satisfactory.
I've detailed the cases on our website:

https://www.gaia.fr/securite-utilisation-des-classes-java-toolbox-vs-job-technique-os/

Is it possible to revert these operations so that we can continue to use users without passwords? By delegating to another user transparently for the batch, for example, or any other solution...

Thank you for your attention

Idea priority High
  • Guest
    Nov 4, 2025

    IBM has received your Idea and is evaluating it. IBM will provide a response after evaluation is complete.



    IBM Power Systems Development

    Reply
  • Admin
    Carmelita Ruvalcaba
    Aug 19, 2025

    The CAAC has reviewed this IBM Idea and recommends that IBM not implement this request.

    For various reasons, the CAAC is uncomfortable with the security implications of this request.

    Background: The COMMON Americas Advisory Council (CAAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CAAC has a key role in working with IBM i development to help assess the value and impact of individual IBM Ideas on the broader IBM i community and has therefore reviewed your Idea.

    For more information about CAAC, see www.common.org/caac

    Carmelita Ruvalcaba - CAAC Program Manager

    1 reply
  • Guest
    Aug 17, 2025

    As regards the general business case:

    • A user profile which has a password can be set effectively no 5250 login through various techniques

    • Likewise, a user profile which has a password can be set effectively no SSH login through sshd configuration

    • Password policy can force periodic updates of the password.

    If IBM chooses to change Host Server Thread security to accommodate this request, then you are in good condition. If Host Server Thread security does not receive such a change, it still does not appear to have severe impact.

    Reply
  • Guest
    Jul 9, 2025

    We are investigating to see what we can do running server under a user profile without a password. However, with recent java toolbox enhancements, you should be able to run iws services under a different user profile that does not have a password. Have you tried that? Java Toolbox PTFs:

    SJ05934 V7R3M0
    SJ05935 V7R4M0
    SJ05956 V7R5M0
    SJ05936 V7R6M0

    1 reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.