
Passwords Deactivating - Randomly!

Former Member
0 Kudos

Hi SEC people!

I have a strange situation on which I'd like to get some opinions. .95 of our users log on to SAP via SSO, but we have a small set of RF gun and FI users who need active passwords. Recently, some of the RF gun users' passwords turn up deactivated, yet there is no entry on change docs or any admin or the users themselves deactivating them. Nothing, no entry at all. Same for USH02. And today, I learned of a few FI users (they need PW for Excel upload tools for JE uploads) who experienced the same thing, so now I can say it's not specific to RF devices or the RF server.

This is only happening on our ECC 6.0 system, and started happening about 30 days after implementing SPS18 (not that it's definitely the cause, but it's the only recent "major" event on our system). Oh, and it is not connected to CUA.

I've searched but have yet to find anything close to my situation.

Thanks in advance!

Jeff

3 REPLIES

Former Member
0 Kudos

A possible explanation is that you have set your param login/password_expiration_time to a value which is greater than login/password_max_idle_productive. In this case, the system itself will deactivate the password at the next successful password based login.

Please check the values of these two params in RZ11 and the idle_initial one as well.

Depending on the user type in SU01, these params will also have a different effect which might appear as "random".

Cheers,

Julius

0 Kudos

Julius, thanks a lot for your prompt reply. I have checked the parameters you mentioned and all look to be set correctly.

I discovered last night that while I was managing users over the weekend (lock/unlock for SPS upgrades) using SU10, around 350 users (out of a possible 10,000) showed up in the change docs as having their passwords deactivated by me via SU10. And most of these users' PW's were already inactive. Good times...

I have logged a message with SAP.

Thanks again.

Edited by: Jeff Shores on Mar 2, 2010 10:21 AM

0 Kudos

Sounds to me like some custom report in a batch job which you once scheduled to disable the users' passwords if they were inactive for long enough, and you interpreted the USR02 fields for "inactivity" incorrectly or the semantics of the fields changed (on the SAP side).

Let us know what SAP says.

Cheers,

Julius