In an application using ESQL/C authentication with instance users, a user can change his password by using sql with a passwort length greater than the 18 character limit imposed by the struct InetLogin (see case TS003855467). After the change of password, the user cannot login anymore since the structure is too small to contain his new password.
Intruct users to avoid passwords longer than 18 characters (ugly and not really recommended, but currently the only viable solution).
Switch to an ODBC Database Connection.
Provide a "renovated" structure InetLoginExtended or InetLogin2 with a deliberate design, which avoids the limitations.
|Who would benefit from this IDEA?||Everybody who encounters the problem described above|
|Priority Justification||Most current security recommendations opt for long passwords. An 18 character limit for the password is against these recommendations. The chance to lockout myself by changing my password to one with more than 18 characters length via SQL and a limit of 18 chars in authentication via ESQL/C is an absolute nogo.|
|Customer Name||Bernhard Treutwein, Ludwig-Maximilians-University, Munich|
NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "firstname.lastname@example.org" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions