Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

login/min_password_lng max value

Former Member
0 Kudos

Having recently set the below values we are experiencing problems when users place digits or specials at positions above 8. It appears that SAP does not check above character 8. Not at password change nor at login to SAP.

Profile Parameters Attributes for login/min_password_lng tells that minimum value is 3 and maximum value is 8. Does this really mean that anything above 8 is ignored?

This is quite a usability issue.

login/min_password_lng = 8

login/min_password_digits = 1

login/min_password_letters =1

login/min_password_specials = 1

1 ACCEPTED SOLUTION

Bernhard_SAP
Employee
Employee
0 Kudos

>

> Profile Parameters Attributes for login/min_password_lng tells that minimum value is 3 and maximum value is 8. Does this really mean that anything above 8 is ignored?

Hi Vito,

no.

This parameter sets only the minimum password length. It has no influence on the verification of input values after the 8th character.

From 7.00 on, the password can be longer than 8 characters. So up to 6.40 the maximum value of this parameter is 8, as the password cannot be longer. From 7.00 on, the max-value for this parameter is 40.

If you are on 7.00 and any input after the 8th character is ignored when logging on, you have set the parameter login/password_downwards_compatibility accordingly to 3,4,or 5 (5 is the most common).

b.rgds, Bernhard

10 REPLIES 10

jurjen_heeck
Active Contributor
0 Kudos

On what version are you?

0 Kudos

Prior to ECC, yes it is 8 character ( my experience)

Post ECC, the password field is more than 8 characters (probably 26 or 32, i don't recall exactly.

Regards,

Zaheer

Bernhard_SAP
Employee
Employee
0 Kudos

>

> Profile Parameters Attributes for login/min_password_lng tells that minimum value is 3 and maximum value is 8. Does this really mean that anything above 8 is ignored?

Hi Vito,

no.

This parameter sets only the minimum password length. It has no influence on the verification of input values after the 8th character.

From 7.00 on, the password can be longer than 8 characters. So up to 6.40 the maximum value of this parameter is 8, as the password cannot be longer. From 7.00 on, the max-value for this parameter is 40.

If you are on 7.00 and any input after the 8th character is ignored when logging on, you have set the parameter login/password_downwards_compatibility accordingly to 3,4,or 5 (5 is the most common).

b.rgds, Bernhard

Former Member
0 Kudos

System version.... yea good question. I have given up in the whole SAP version-thing, but here are the facts:

SAP Production client : SAP ERP Central Component 5.0

SAP CUA client: SAP Solution Manager 4.0

Having looked at SAP Note 862989 - "New password rules as of SAP NetWeaver 2004s (NW ABAP 7.0)" I am aware that we do not have the listed parameters.

Anyway once we are on ABAP 7.0 maximum length increased from 8 to 40 characters. But... if we still specify maximum lenght to 8 does SAP validate characters above 8 (all op to the 40th)??

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Please notice: the password policy is controlled by parameters which define the minimum requirements - there is no parameter which allows you to prevent the user from superceding those requirements.

Yes, in older versions (prior to SAP NetWeaver 7.00) ABAP systems did simply ignore all characters you might have entered for passwords beyond the 8th character - and all entered lower-case characters have been converted to upper-case characters. That has changed with SAP NetWeaver 7.00 (as documented in an SAP note - which I've currently not at hand).

All that has been stated above refers to the password policy.

Regarding the password generator (as available in SU01): here you can define restrictions (e.g. maximum length of generated password, usage of special characters when generating passwords, etc.) - as long as those settings do not conflict with the password policy.

0 Kudos

Where do you limit the maximum password length for the generator?

0 Kudos

You have to change the Customizing switch GEN_PSW_MAX_LENGTH (mind you it is not a normal parameter, but a Customizing switch). Have a look at SAP NOTE 915488.

former_member248712
Active Participant
0 Kudos

Did you make sure that your profile paramaters are update properly in all three profiles, just to make sure.

Default Profile

Instance Profile

Start Profile

AB

0 Kudos

Please explain AB... I am one big ?-mark.

What are Default, Instance and Start Profiles?

/Vito

0 Kudos

>

> Please explain AB... I am one big ?-mark.

> What are Default, Instance and Start Profiles?

> /Vito

Sorry for the late reply.

These are system Files where the profile parameters are stored/maintained. Use T-code RZ10 to maintain the profile.

AB