02-28-2009 2:37 PM
Hello @ all,
i was wondering if there is a chance to set a password for a technical user (used for ALE) with regard to our password policies (with upper and lower cases) within ERP6.0 and afterwards convert this password to be downwardly compatible for the other SAP system which is 6.20. We cannot make an upgrade for the 6.20 system and we cannot kick out our password policies for the 7.00 system. So, is there a convert routine somewhere?
What do you think of SNC for ALE connections? Unfortunately i'm not familiar with that kind of connection... any good instructions or other ideas?
Thank you in advance and a nice weekend
Olli
Environment:
SAP ERP 6.0 with forced password policies
SAP R/3 4.7 (wants to connect to ERP system)
There is no PI available...
02-28-2009 7:19 PM
I assume that you have no downward compatability permitted at all in the 7.00 system and want to keep it that way.
What you can do if you are not checking the compliance with current policy for existing passwords which have not expired yet (which is default behaviour), is to set the SU01 password as strong as what digits and special characters will let you go, but with all CAPS-ON and 8 characters long as max (which would be your minimum length, hopefully).
Other than that, there is the option of trusted RFC (which is without passwords, so this problem is eliminated...) but there are other risks and a closer control of the RFC setup than what is usual is recommendable.
Cheers,
Julius
02-28-2009 7:13 PM
> afterwards convert this password to
For that you'd need to have the original password to be stored somewhere in a readable format. As far as i know it isn't.
02-28-2009 7:29 PM
>
> > afterwards convert this password to
>
> For that you'd need to have the original password to be stored somewhere in a readable format. As far as i know it isn't.
You can do something comparable for the system to find at logon time though: If you set the downward compatability temporarily to generate an old hash as well as a new one for this SYSTEM user ID, and then instruct the system to check the old hash as well if the new one fails.... then it would find a hash for this ID but not others, and permit the same password to be truncated and converted to upper-case and compared to the old hash as well as the new - but not other user's for whom there is no old hash.
But strictly speaking this violates the password rules, even although the system can be instructed to only go as far as it can if the hash is found.
I assume that this is what Oliver does not want, and is sticking to the books, even although no dialog user would be affected or ever notice the difference for this one ID.
Cheers,
Julius
02-28-2009 7:19 PM
I assume that you have no downward compatability permitted at all in the 7.00 system and want to keep it that way.
What you can do if you are not checking the compliance with current policy for existing passwords which have not expired yet (which is default behaviour), is to set the SU01 password as strong as what digits and special characters will let you go, but with all CAPS-ON and 8 characters long as max (which would be your minimum length, hopefully).
Other than that, there is the option of trusted RFC (which is without passwords, so this problem is eliminated...) but there are other risks and a closer control of the RFC setup than what is usual is recommendable.
Cheers,
Julius
03-09-2009 4:49 AM
There is a parameter login/password_downwards_compatibility to deal with password compatibility issues. However, as Julius mentioned using upper case password for RFC users helps
Regards
Vijaya
03-12-2009 7:23 AM
>
> Hello @ all,
>
> i was wondering if there is a chance to set a password for a technical user (used for ALE) with regard to our password policies (with upper and lower cases) within ERP6.0 and afterwards convert this password to be downwardly compatible for the other SAP system which is 6.20. We cannot make an upgrade for the 6.20 system and we cannot kick out our password policies for the 7.00 system. So, is there a convert routine somewhere?
>
> What do you think of SNC for ALE connections? Unfortunately i'm not familiar with that kind of connection... any good instructions or other ideas?
>
> Thank you in advance and a nice weekend
> Olli
>
> Environment:
> SAP ERP 6.0 with forced password policies
> SAP R/3 4.7 (wants to connect to ERP system)
> There is no PI available...
Please notice that it's always possible to set a downwards-compatible password (i.e. one which consists of only up to 8 characters, with no lower-case character) for technical accounts (i.e. accounts of type SYSTEM or SERVICE) - even if your password policy is generally enforcing the usage of downwards-incompatible passwords (i.e. passwords which need to consist of at least one lower-case character or of more than 8 characters).
This "exception rule" has been implemented to support exactly such scenarios you are describing (ALE communication link between 6.20 and 7.00 system).
Best regards, Wolfgang
PS: there is no "conversion" possible - but you can, of course, set a new password