IBM Z Hardware and Operating Systems Ideas Portal
This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
I just launched a standard Ubuntu 24.04 minimal in the Dallas Region. Checking the file /etc/login.defs the setting is "PASS_MAX_DAYS 99999" .
I believe that is correct, and the s390x image which I mentioned earlier should be adjusted to match that.
But you don't agree?
How about this - would you agree it would be "best practices" for IBM to decide what it thinks is the secure, correct, recommended, value for PASS_MAX_DAYS, and then all Ubuntu images ought to match that value. If you believe the right number is "90 days" (which is unexpected) then why don't you set all Ubuntu images to 90 days?
And then you would get bombarded with more bug reports, because more users install the standard x86 Ubuntu 24.04 minimal image, and that would result in more issues.
The 90 days value is a problem.
The only reason you aren't getting more bug reports, is that the number of s390x end-users is relatively low, compared to the x86 architecture.
Image is setup with key based login. So this parameter is not applicable for zVSI image unless customer is changing password based login setup.
A way to recover from the situation: at least in this case, the root user seemed to still work. Normal user accounts were affected. If possible, try to log in as root.
I would still stand by the recommendation above though.
What do other cloud vendors do, as an example to consider.
It may superficially sound like a shorter time window is more secure, to force password changes. But that ignores the fact that SSH keys are extremely common. If you standardize on SSH key auth, you don't even use passwords. And then, to encounter this error about passwords..