
Setting productive passwords from a CUA central system

Former Member
0 Kudos

Hi,

We use the SUSR_USER_CHANGE_PASSWORD_RFC from a Java application to allow a user to change their password. The user knows his old password and provides the new password. The environment consists of a CUA central system and a number of child systems. The application connects to the CUA system, not the child systems.

If I read this post correctly, then passwords set with SUSR_USER_CHANGE_PASSWORD_RFC on a CUA central system will not be propagated to the child systems because it is not an initial password.

Is that correct or am I reading it wrong and is it influenced by settings which I have missed?

If I read it correctly: is there a way, besides connecting to each and every child and performing the change, to set a production password?

We use encrypted network connections and are not too worried about the possibility that people can grab the passwords from the traces.

Thanks,

Wilfred

1 ACCEPTED SOLUTION

tim_alsop
Active Contributor
0 Kudos

Wilfred,

The CUA tool does not synchronize password changes.

I have worked with companies who have the same problem as you, and they solved it by changing the authentication method used for each of their systems in the landscape so that the password in SAP is not used anymore. For example, if you use an external user authentication instead of SAP user+password then SAP passwords are not needed anymore. With SAP GUI logon you can use SNC with an appropriate SNC library to allow logons to SAP to use Active Directory credentials. Then the user only has to change their password in Active Directory and they can log on to their domain and all SAP systems without having to worry about any password sync issues.

I know this is not exactly what you asked, but it is certainly the most secure solution if you want to keep passwords in sync and reduce passwords that users have to remember.

Thanks,

Tim

2 REPLIES 2

0 Kudos


Hello Tim,

I am researching into CUA and AD hookup.

Currently we have Enterprise Portal ECC ABAP Data Store in our SAP environment. Per SAP note 718383, we cannot switch directly to AD because we are using data source configuration file dataSourceConfiguration_abap.xml.

It appears from multiple readings that we can switch to Central User Authentication (CUA) and connect the CUA system with AD to circumvent the constraint. Is this idea feasible?

Your input will be greatly appreciated.

Thanks

Percy