06-23-2010 7:10 AM
One of our new password policy's requirements is to have
"The new password may have no more than 1 pair(s) of repeating characters"
Could anyone please provide me the profile parameter by which we can set this rule?
I have given some examples of this in the attached doc.
06-23-2010 7:31 AM
06-23-2010 7:33 AM
Hi,
Unfortunately, I don't think you can achieve this with profile parameters. You can see all the profile parameters which you can use to define a password policy in RZ11 if you search for login/pass. I don't know of a user exit which you might use to perform your own checks, but maybe you can try with the enhancement framework. Don't forget that the password can be changed in various places.
I'm just wondering how you got this requirement?
Cheers
06-23-2010 7:46 AM
hi malay
check out the link for all the logon and password parameters
http://help.sap.com/saphelp_470/helpdata/en/22/41c43ac23cef2fe10000000a114084/content.htm
hope this will help.
take care.
nate
06-23-2010 8:52 AM
Hi,
A possibility is table usr40. If you want to prevent aa in the passwords then make an entry in usr40: *aa* . It is more work than a parameter but it should work.
have fun
Bye
jan van Roest
Edited by: Julius Bussche on Jun 23, 2010 9:39 PM
Fixed the formatting using { n o f o r m a t } markups.
06-23-2010 8:58 AM
Hi,
I did type a "*" around the aa, but for some reason the letters got bold instead, so put asterisks in front and at the end of the combination.
Bye
Jan van Roest
06-23-2010 8:45 PM
I fixed the formatting for you.
Back to topic: which pair are you going to permit as the strange requirement says that 1 is allowed?
Cheers,
Julius
06-27-2010 8:47 PM
Hi Julius,
I think the only option to do something with passwords is usr40, besides the login params and table prgn_cust. The nearest thing to the question is usr40. It is up to the creator of the thread to do something or not with it.
Have fun
Bye jan van Roest
06-27-2010 9:04 PM
Hi Jan,
The new password mechanisms allow you to use "pass-phrases" instead of "passwords". Too many entries in USR40 only weaken the password by excluding patterns for a dictionary attack.
For example, you can now use a pass-phrase such as:
"This passw0rd is easy to guess!"
or
"Do keep the kitch3n clean?"
or
"1 2 3 4...Goalllllllll!!!!!!!!!!"
If all words with pairs of ASCII characters or patterns were forbidden, then the pass-phrase is weakened.
Rather throw in a special character and a digit and train the users to use pass-phrases. This can be hard though with folks who have been around for a long time and have a mental block at the 8th character of the SAPGui logon screen. I count myself to that league as well.
In my opinion only company names, SIDs, months and seasons are still useful in USR40, along with swearwords...
Cheers,
Julius
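Added illustration, not code from any poster in this thread and not how the SAP kernel implements its checks: a small Python policy check that applies the "no more than 1 pair of repeating characters" rule and USR40-style exclusion patterns to the pass-phrases quoted above. It assumes a "pair" means two identical adjacent characters counted without overlap, and that USR40 entries use `*` and `?` wildcards compared case-insensitively; the sample entries are constructed.

```python
import re

# Constructed sample USR40-style entries: '*' = any sequence, '?' = one character.
USR40_SAMPLE = ["*aa*", "*winter*"]


def count_repeated_pairs(password):
    """Count non-overlapping pairs of identical adjacent characters (assumed reading)."""
    pairs = 0
    i = 0
    while i < len(password) - 1:
        if password[i] == password[i + 1]:
            pairs += 1
            i += 2  # skip both characters so "aaa" counts as one pair
        else:
            i += 1
    return pairs


def usr40_pattern_to_regex(pattern):
    """Translate a USR40-style wildcard entry into a compiled regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Case-insensitive comparison is an assumption of this example.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def check_password(password, max_pairs=1, patterns=USR40_SAMPLE):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    pairs = count_repeated_pairs(password)
    if pairs > max_pairs:
        reasons.append(f"{pairs} repeated pairs (max {max_pairs})")
    for entry in patterns:
        if usr40_pattern_to_regex(entry).fullmatch(password):
            reasons.append(f"matches excluded pattern {entry}")
    return reasons


if __name__ == "__main__":
    for phrase in ("This passw0rd is easy to guess!",
                   "Do keep the kitch3n clean?",
                   "1 2 3 4...Goalllllllll!!!!!!!!!!"):
        print(repr(phrase), "->", check_password(phrase) or "accepted")
```

Under these assumptions the first and third pass-phrases are rejected by the pair rule alone, which is the weakening effect the last post describes.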