Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

Network Authentication Service

Showing 6

Enhance Kerberos/SKRBKDC limit to more than 2048 sockets

Currently, there is a hard coded limit of 2048 for the number of parallel open sockets for Kerberos / SKRBKDC (see Msg: EUVF04031E Limit of 2048 sockets exceeded). We're using Kerberos authentication for nearly all of our business transactions to ...
3 months ago in z/OS / Network Authentication Service 0 Future consideration

In z/OS the client needs a possibility to create keytab files with the option for custom salts to be used with WAS or other Components

Traditionally the keytab utility was shipped with the IBM Java SDK until Java 8 but misses the functionality to use a custom SALT. From Java 11 on, it was not further shipped. IBM z/OS offers a keytab utility but with very limited support to use a...
about 1 year ago in z/OS / Network Authentication Service 0 Future consideration

z/OS Kerberos support for SPNEGO mechanism (1 3 6 1 5 5 2)

Our software product Virtel runs as a Web server on z/OS to access Legacy applications. Many of our customers have asked us to provide Kerberos support. We have tried to do this through the IBM z/OS Kerberos server, and this works fine for standar...
almost 5 years ago in z/OS / Network Authentication Service 1 Future consideration

SKRBKDC: Support for switching off Replay Detection

We've an application on OSCP. Our security policy says that from docker against z/OS Kerberos have to bee used for authentication. Actually, per server are multiple instances of docker running / per docker multiple threads. Each thread goes agains...
about 5 years ago in z/OS / Network Authentication Service 2 Future consideration

z/OS FTP SERVER to support Kerberos authentication without keytab

Currently FTP server is configured to be a distribute DVIPA and because gss_acquire_cred call doesn't support use_dvipa_override, it would require keytab to be setup for FTP Kerberos to work.
almost 7 years ago in z/OS / Network Authentication Service 1 Future consideration

Permit reuse of Kerberos TGS for tickets with lifespan less than that of the TGT

Integrated Security Services NetworkAuthentication Service / Kerberos: Change TGS/Service Ticket issuing behavior. As described in the referring PMR, we have discovered that if the lifespan of a TGT is greater than the default lifespan of a TGS se...
over 6 years ago in z/OS / Network Authentication Service 1 Future consideration