Bringing back an old password validation rule
On our old 4.6C system, there was a password validation rule that stated the first three characters of the password cannot occur in the same order in the user ID. This rule was removed when we upgraded to ECC 6.0
While the users hated that rule, that rule was a SOX requirement at our company and I would like to have it back. Before I resort to programming user exits, is there a way to reactivate or at least simulate that rule? I cannot use USR40 because not only does it effect all users on the system, it only works on the second logon and not at validation time.
If programming user exits like EXIT_SAPLSUSF_001 is my only option, where can I get the password at logon time? From my understanding, SAP does not store this in a system value or even a global variable or table to prevent the recording of passwords. While this is a valid security reason, it would solve the resurrection of this password role through programming.