09-11-2008 8:59 AM
Having recently set the below values we are experiencing problems when users place digits or specials at positions above 8. It appears that SAP does not check above character 8. Not at password change nor at login to SAP.
Profile Parameters Attributes for login/min_password_lng tells that minimum value is 3 and maximum value is 8. Does this really mean that anything above 8 is ignored?
This is quite a usability issue.
login/min_password_lng = 8
login/min_password_digits = 1
login/min_password_letters =1
login/min_password_specials = 1
09-11-2008 9:16 AM
>
> Profile Parameters Attributes for login/min_password_lng tells that minimum value is 3 and maximum value is 8. Does this really mean that anything above 8 is ignored?
Hi Vito,
no.
This parameter sets only the minimum password length. It has no influence on the verification of input values after the 8th character.
From 7.00 on, the password can be longer than 8 characters. So up to 6.40 the maximum value of this parameter is 8, as the password cannot be longer. From 7.00 on, the max-value for this parameter is 40.
If you are on 7.00 and any input after the 8th character is ignored when logging on, you have set the parameter login/password_downwards_compatibility accordingly to 3,4,or 5 (5 is the most common).
b.rgds, Bernhard
09-11-2008 9:00 AM
09-11-2008 9:04 AM
Prior to ECC, yes it is 8 character ( my experience)
Post ECC, the password field is more than 8 characters (probably 26 or 32, i don't recall exactly.
Regards,
Zaheer
09-11-2008 9:16 AM
>
> Profile Parameters Attributes for login/min_password_lng tells that minimum value is 3 and maximum value is 8. Does this really mean that anything above 8 is ignored?
Hi Vito,
no.
This parameter sets only the minimum password length. It has no influence on the verification of input values after the 8th character.
From 7.00 on, the password can be longer than 8 characters. So up to 6.40 the maximum value of this parameter is 8, as the password cannot be longer. From 7.00 on, the max-value for this parameter is 40.
If you are on 7.00 and any input after the 8th character is ignored when logging on, you have set the parameter login/password_downwards_compatibility accordingly to 3,4,or 5 (5 is the most common).
b.rgds, Bernhard
09-11-2008 9:47 AM
System version.... yea good question. I have given up in the whole SAP version-thing, but here are the facts:
SAP Production client : SAP ERP Central Component 5.0
SAP CUA client: SAP Solution Manager 4.0
Having looked at SAP Note 862989 - "New password rules as of SAP NetWeaver 2004s (NW ABAP 7.0)" I am aware that we do not have the listed parameters.
Anyway once we are on ABAP 7.0 maximum length increased from 8 to 40 characters. But... if we still specify maximum lenght to 8 does SAP validate characters above 8 (all op to the 40th)??
09-11-2008 10:42 AM
Please notice: the password policy is controlled by parameters which define the minimum requirements - there is no parameter which allows you to prevent the user from superceding those requirements.
Yes, in older versions (prior to SAP NetWeaver 7.00) ABAP systems did simply ignore all characters you might have entered for passwords beyond the 8th character - and all entered lower-case characters have been converted to upper-case characters. That has changed with SAP NetWeaver 7.00 (as documented in an SAP note - which I've currently not at hand).
All that has been stated above refers to the password policy.
Regarding the password generator (as available in SU01): here you can define restrictions (e.g. maximum length of generated password, usage of special characters when generating passwords, etc.) - as long as those settings do not conflict with the password policy.
09-26-2008 2:21 AM
09-26-2008 7:00 AM
You have to change the Customizing switch GEN_PSW_MAX_LENGTH (mind you it is not a normal parameter, but a Customizing switch). Have a look at SAP NOTE 915488.
09-12-2008 12:58 AM
Did you make sure that your profile paramaters are update properly in all three profiles, just to make sure.
Default Profile
Instance Profile
Start Profile
AB
09-12-2008 7:57 AM
Please explain AB... I am one big ?-mark.
What are Default, Instance and Start Profiles?
/Vito
09-17-2008 11:02 PM
>
> Please explain AB... I am one big ?-mark.
> What are Default, Instance and Start Profiles?
> /Vito
Sorry for the late reply.
These are system Files where the profile parameters are stored/maintained. Use T-code RZ10 to maintain the profile.
AB