Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

profile parameter for to change password

Former Member
0 Kudos

Hello everyone.

Is there any profile parameter to change the password after certain number of days say 30 days. I see there are profile parameters for lenght , uppercase, lowecase but is there one to change the password after a given period of time.

Thanks.

Neha.

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Neha,

Are you looking for the password expiration parameter : login/password_expiration_time

(Dates until password must be changed)

Cheers !!

Zaheer

17 REPLIES 17

Former Member
0 Kudos

Hi Neha,

Are you looking for the password expiration parameter : login/password_expiration_time

(Dates until password must be changed)

Cheers !!

Zaheer

0 Kudos

The requirement is that the user should be prompted to chane the password every 60 days. Can the parameter login/password_expiration_time be used for this purpose.

Thanks

Neha.

0 Kudos

Yes, this is the one. As soon as users login after 60 days of previous password reset, they will be prompted to change their passwords.

Cheers !!

Zaheer

0 Kudos

The default value for this parameter is 90 days (login/password_expiration_time). So you need to change as per your requirement.

Other few parameters those are of help may be for you are:

login/password_max_new_valid --> This parameter is used to expire the initial password for a Newly Created User id. For e.g. if the value is set to 10 D, then after 10 days of creation of the user id the password will be expired and user need to request for a new password to logon. This should be set for security and audit purpose. You can use (a general suggestion) 7 days for this.

login/password_max_reset_valid --> This parameter is used for expiring the Reset password of an existing user id after mentioned days.

For more details of the Active profile parameters in your system go to TCode TU02.

Regards,

Dipanjan

0 Kudos

Currenlty the value in the system for the parameter is login/password_expiration_time = 0 , does that mean the user is not forced to chane the password at all after any number of days.

Thanks.

Neha.

0 Kudos

And also is there a parameter to specify that an old password must not be reused for aleast 10 times. I see that the predefined

value by SAP is 5 in the below link. Can that be changed to 10.

http://help.sap.com/saphelp_nw04/helpdata/EN/22/41c43ac23cef2fe10000000a114084/frameset.htm

0 Kudos

>

> Currenlty the value in the system for the parameter is login/password_expiration_time = 0 , does that mean the user is not forced to chane the password at all after any number of days.

>

Absolutely.!!... if you go to TCode RZ11 and then get into the Profile parameter ... you will be able to check the documentation in details provided by SAP for all parameters.

Regards,

Dipanjan

0 Kudos

Are profile parameters client dependent or client independent.

0 Kudos

>

> And also is there a parameter to specify that an old password must not be reused for aleast 10 times. I see that the predefined

> value by SAP is 5 in the below link. Can that be changed to 10.

>

> http://help.sap.com/saphelp_nw04/helpdata/EN/22/41c43ac23cef2fe10000000a114084/frameset.htm

Yes you can check.... please use the guide line in my previous post to check Documentation of each profile parameter when necessary.... for change / maintenance allowing, there are three criteria available:

X Change permitted

W Change generates warning

E Change generates error

So, if the value is set to X for a parameter then the change is permitted. Following tables may be of help for you to check profile and their parameters details:

RSAUPROF : Details of All 3 types of profiles with change history

TPFET : Table for Pofile Parameters

SPFNAMVAL: Name and value of profile parameter

Let me know for any more details required.

Regards,

Dipanjan

0 Kudos

>

> Are profile parameters client dependent or client independent.

Profile parameters are not at all related to Client concept in SAP. So, no dependency.

Regards,

Dipanjan

0 Kudos

Thanks Sanpui. your thoughts are really helpful. And also is there a parameter to specify that an old password must not be reused for aleast 10 times. SAP says the default value is 5. Can this be changed.

Thanks.

Neha.

0 Kudos

I checked the profile parameters using the program RSPARAM. But I am not able to find a parameter to prevent the old password from being used at least ten times. I also checked in the table TPFET.

And also can we prevent the password being same as user id.

Should these parameters be changed in the deafault profile or instance or start profile.

Thanks.

Neha.

0 Kudos

> I checked the profile parameters using the program RSPARAM. But I am not able to find a parameter to prevent the old password from being used at least ten times. I also checked in the table TPFET.

>

login/min_password_diff min. number of chars which differ between old and new password

> And also can we prevent the password being same as user id.

>

> Should these parameters be changed in the deafault profile or instance or start profile.

>

It depends ... you may decide this by discussing with BASIS team and as per your Company SOP. I prefer Default profile. But never use Instance profile.

Please go through the following links:

[Password Rules|http://help.sap.com/saphelp_nw04/helpdata/en/d2/141fb593c742b5aad8f272dd487b74/frameset.htm]

[Profile Parameters for Logon and Password (Login Parameters)|http://help.sap.com/saphelp_nw04/helpdata/en/d2/141fb593c742b5aad8f272dd487b74/frameset.htm]

[Password rules and preventing incorrect logons|https://websmp110.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=2467&_NLANG=E]

[ Note 862989 - New password rules as of SAP NetWeaver 2004s (NW ABAP 7.0)|https://service.sap.com/sap/support/notes/862989]

[Logon and Password Security in the SAP System|http://help.sap.com/saphelp_nw04/helpdata/en/eb/4bb638b5358259e10000009b38f8cf/frameset.htm]

Regards,

Dipanjan

0 Kudos

Based on what I understand the parameter login/min_password_diff min compares your new password with that of the recent old password. What I need is that the new password should be different from the last 10 passwords that I use.

Thanks.

Neha.

0 Kudos

Plz check the documentation of following one:

login/password_history_size

Regards,

Dipanjan

0 Kudos

Hi Sanpui ,

Thankyou very much for your help.

Thanks.

Neha.

0 Kudos

I have one more question. Are the profile parameter setting ofr passwords effective when we use single sign on from portal to the sap system.

Thanks.

Neha.