Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Convert new password (7.00) into old password (6.20)

Go to solution
Former Member

‎02-28-2009 2:37 PM

0 Kudos

Hello @ all,

i was wondering if there is a chance to set a password for a technical user (used for ALE) with regard to our password policies (with upper and lower cases) within ERP6.0 and afterwards convert this password to be downwardly compatible for the other SAP system which is 6.20. We cannot make an upgrade for the 6.20 system and we cannot kick out our password policies for the 7.00 system. So, is there a convert routine somewhere?

What do you think of SNC for ALE connections? Unfortunately i'm not familiar with that kind of connection... any good instructions or other ideas?

Thank you in advance and a nice weekend

Olli

Environment:

SAP ERP 6.0 with forced password policies

SAP R/3 4.7 (wants to connect to ERP system)

There is no PI available...

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎02-28-2009 7:19 PM

0 Kudos

I assume that you have no downward compatability permitted at all in the 7.00 system and want to keep it that way.

What you can do if you are not checking the compliance with current policy for existing passwords which have not expired yet (which is default behaviour), is to set the SU01 password as strong as what digits and special characters will let you go, but with all CAPS-ON and 8 characters long as max (which would be your minimum length, hopefully).

Other than that, there is the option of trusted RFC (which is without passwords, so this problem is eliminated...) but there are other risks and a closer control of the RFC setup than what is usual is recommendable.

Cheers,

Julius

5 REPLIES 5

Go to solution
jurjen_heeck
Active Contributor

‎02-28-2009 7:13 PM

0 Kudos

> afterwards convert this password to

For that you'd need to have the original password to be stored somewhere in a readable format. As far as i know it isn't.

Go to solution
Former Member
In response to jurjen_heeck

‎02-28-2009 7:29 PM

0 Kudos

> 

> > afterwards convert this password to 
> 
> For that you'd need to have the original password to be stored somewhere in a readable format. As far as i know it isn't.

You can do something comparable for the system to find at logon time though: If you set the downward compatability temporarily to generate an old hash as well as a new one for this SYSTEM user ID, and then instruct the system to check the old hash as well if the new one fails.... then it would find a hash for this ID but not others, and permit the same password to be truncated and converted to upper-case and compared to the old hash as well as the new - but not other user's for whom there is no old hash.

But strictly speaking this violates the password rules, even although the system can be instructed to only go as far as it can if the hash is found.

I assume that this is what Oliver does not want, and is sticking to the books, even although no dialog user would be affected or ever notice the difference for this one ID.

Cheers,

Julius

Go to solution
Former Member

‎02-28-2009 7:19 PM

0 Kudos

I assume that you have no downward compatability permitted at all in the 7.00 system and want to keep it that way.

What you can do if you are not checking the compliance with current policy for existing passwords which have not expired yet (which is default behaviour), is to set the SU01 password as strong as what digits and special characters will let you go, but with all CAPS-ON and 8 characters long as max (which would be your minimum length, hopefully).

Other than that, there is the option of trusted RFC (which is without passwords, so this problem is eliminated...) but there are other risks and a closer control of the RFC setup than what is usual is recommendable.

Cheers,

Julius

Go to solution
Former Member

‎03-09-2009 4:49 AM

0 Kudos

There is a parameter login/password_downwards_compatibility to deal with password compatibility issues. However, as Julius mentioned using upper case password for RFC users helps

Regards

Vijaya

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎03-12-2009 7:23 AM

0 Kudos

> 

> Hello @ all,
> 
> i was wondering if there is a chance to set a password for a technical user (used for ALE) with regard to our password policies (with upper and lower cases) within ERP6.0 and afterwards convert this password to be downwardly compatible for the other SAP system which is 6.20. We cannot make an upgrade for the 6.20 system and we cannot kick out our password policies for the 7.00 system. So, is there a convert routine somewhere?
> 
> What do you think of SNC for ALE connections? Unfortunately i'm not familiar with that kind of connection... any good instructions or other ideas?
> 
> Thank you in advance and a nice weekend
> Olli
> 
> Environment:
> SAP ERP 6.0 with forced password policies
> SAP R/3 4.7 (wants to connect to ERP system)
> There is no PI available...

Please notice that it's always possible to set a downwards-compatible password (i.e. one which consists of only up to 8 characters, with no lower-case character) for technical accounts (i.e. accounts of type SYSTEM or SERVICE) - even if your password policy is generally enforcing the usage of downwards-incompatible passwords (i.e. passwords which need to consist of at least one lower-case character or of more than 8 characters).

This "exception rule" has been implemented to support exactly such scenarios you are describing (ALE communication link between 6.20 and 7.00 system).

Best regards, Wolfgang

PS: there is no "conversion" possible - but you can, of course, set a new password