*CURRENT authentication doesn't work with RPM Java on IBM i

[ThePrez]

The *CURRENT/*CURRENT optimization for passwordless login as current user does not work when using the OpenJDK RPM distribution on IBM i.

This likely requires server PTF changes as well as JTOpen code changes.

[jeber-ibm]

Jesse, as a security concern should we remove the '*CURRENT'/'*CURRENT' option and force the callers to use null values instead. The problem with *CURRENT/*CURRENT is that an application can ask a user for the userid and password. If the user then enters *CURRENT / *CURRENT, then they can access the system using the current authorization for the job. I removed this option from the JDBC drivers several years again.

[ThePrez]

Yes we should make null the default requirement. I suspect we will break a hefty number of applications though (my own included). What do you think of a System property as a compatibility switch to enable a "*CURRENT" password?

[jeber-ibm]

Yes, I agree that we should use a system property as a compatibility switch. Then people have some time as they secure their applications.