11-17-2009 11:13 AM
Hi everybody,
SAP uses for the BCODE and for the PASSCODE a different hashcode.
If you have an ECC6.0 system, which one is there in function?
Best regards
R.Kluge
11-17-2009 11:28 AM
11-17-2009 12:35 PM
Alternately start SE11 and choose USR02 field 'CODVN'. Double-click the data element XUCODEVER2 (Hash code versions for passwords) and then choose the "Documentation" button - or simply hit F1 anywhere else you can see the field.
Cheers,
Julius
11-20-2009 4:30 PM
>
> Hi everybody,
> SAP uses for the BCODE and for the PASSCODE a different hashcode.
> If you have an ECC6.0 system, which one is there in function?
> Best regards
> R.Kluge
ECC 6.0 is using SAP_BASIS 7.0x
So, by default (login/password_downwards_compatibility = 1) it will calculate both hash values - one for its own usage (PASSCODE) and the other one to distribute to older CUA systems (https://service.sap.com/sap/support/notes/1300104). If you are not using CUA (Central User Administration) you should set the profile parameter login/password_downwards_compatibility to value 0.
As of SAP_BASIS 7.02 the ABAP system will support (iterated) random-salted password hashes (https://service.sap.com/sap/support/notes/991968).
ABAP systems prior to 7.00 should apply SAP note 874738 (https://service.sap.com/sap/support/notes/874738) (Codeversion E, login/password_charset = 2).
Kindly notice that it's highly advised to prevent access to database table content (in general), in particular also to password hash values (see also: /etc/passwd in UNIX systems) - see SAP note 1237762 (https://service.sap.com/sap/support/notes/1237762).
In all releases, you should make use of the (release-dependent) capabilities to define a strong password policy (http://help.sap.com/saphelp_nw04s/helpdata/EN/22/41c43ac23cef2fe10000000a114084/content.htm) (countermeasure against dictionary attacks).
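
Added example, not part of the original reply and not SAP code: a Python check over a constructed USR02 extract that reports which accounts still carry the downward-compatible BCODE hash alongside PASSCODE, which is what the default setting described above produces. The CSV layout, the sample values and the convention that an unused hash field is exported as empty or all zeros are assumptions.

```python
import csv
import io

# Constructed sample extract of USR02 (hash bytes as hex). All values are made up.
SAMPLE_EXPORT = """BNAME,CODVN,BCODE,PASSCODE
ALICE,G,1A2B3C4D5E6F7081,00112233445566778899AABBCCDDEEFF00112233
BOB,F,0000000000000000,FFEEDDCCBBAA99887766554433221100FFEEDDCC
CAROL,B,8899AABBCCDDEEFF,0000000000000000000000000000000000000000
DAVE,G,,
"""


def is_populated(hex_value):
    """Assumption: an unused hash field is exported as empty or all zeros."""
    return bool((hex_value or "").strip("0 "))


def audit_usr02(export_text):
    """Map each user to (CODVN as stored, which hash fields are populated)."""
    report = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        has_bcode = is_populated(row["BCODE"])
        has_passcode = is_populated(row["PASSCODE"])
        if has_bcode and has_passcode:
            status = "both"           # both hashes stored (compatibility mode)
        elif has_bcode:
            status = "bcode-only"     # only the older hash is stored
        elif has_passcode:
            status = "passcode-only"  # no downward-compatible hash left
        else:
            status = "none"           # no password hash in these two fields
        report[row["BNAME"]] = (row["CODVN"], status)
    return report


def accounts_with_bcode(export_text):
    """Users whose record still holds the hash kept for older systems."""
    report = audit_usr02(export_text)
    return sorted(u for u, (_, s) in report.items() if s in ("both", "bcode-only"))


if __name__ == "__main__":
    for user, (codvn, status) in audit_usr02(SAMPLE_EXPORT).items():
        print(f"{user:8} CODVN={codvn} hashes={status}")
    print("Still carrying BCODE:", accounts_with_bcode(SAMPLE_EXPORT))
```

Any such extract contains password hashes and needs the same access restrictions the reply recommends for the table itself.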