08-10-2011 4:01 PM
Hi there,
In the EarlyWatch Alert report of last week, in the security part, we had a red mark regarding the password complexity.
I followed the recommendation in the report and posted on this forum.
I've added different parameters to enforce the complexity.
Here are my parameters:
login/min_password_lowercase : 1
login/password_max_idle_initial : 14
login/min_password_uppercase : 1
login/min_password_letters : 1
login/min_password_lng : 8
login/min_password_digits : 1
The server has been rebooted, so all settings should be applied. The caps & number requirement works fine but the password length doesn't... it's still minimum 7.
Any idea why that particular setting isn't implemented?
I'm working on SAP ECC 6.0.
Thanks for the help
Sébastien
08-10-2011 4:12 PM
Strange... by any chance is it not distributed to all app servers? Or is it the same on all servers?
08-10-2011 5:58 PM
> Strange... by any chance is it not distributed to all app servers? Or is it the same on all servers?
That is also what I would check first.
08-10-2011 10:16 PM
Hi
Please check with the Basis team whether the value has been updated in the file system or not.
Sometimes, if the parameter value has a space... or there are any errors while saving... it is not activated and it still takes the old value.
08-12-2011 8:01 AM
@Nisha: I've made the change on one server only, the test one.
OK, while checking the parameter values as suggested by Hari, I found out that there were 3 different profiles and that all of them were active...
I was working on the "default" one.
And in one of the other profiles, I found the parameter login/min_password_lng with another value, 7.
That's probably the reason for my issue. I'll let you know.
Edited by: Sébastien DE MYTTENAERE on Aug 12, 2011 9:03 AM
08-12-2011 2:39 PM
Hi,
You might have to check Default and Instance profiles.
Default profiles override Instance profiles and hence you have the issue. Make sure that you are not maintaining the parameters in both of these profiles.
Regards,
Raghu
08-13-2011 12:30 AM
Which kernel release are you on?
See http://wiki.sdn.sap.com/wiki/display/Security/Solved-Abilitytoassignsecuritypoliciestospecific+users
The UI is only delivered later with 7.30. But if you changed profiles from the OS then it might have taken effect already (the default profile is overwritten by the security policy).
Cheers,
Julius
08-13-2011 10:20 AM
> Which kernel release are you on?
>
> See http://wiki.sdn.sap.com/wiki/display/Security/Solved-Abilitytoassignsecuritypoliciestospecific+users
>
> The UI is only delivered later with 7.30. But if you changed profiles from the OS then it might have taken effect already (the default profile is overwritten by the security policy).
>
> Cheers,
> Julius
Sorry, Julius but that information is wrong.
The start release is 7.03 / 7.31 (SAP_BASIS component).
Cheers, Wolfgang
08-13-2011 11:52 PM
Thanks for the application release info, Wolfgang!
We still don't know how the login/password_downwards_compatibility is set here (and login/min_password_specials is not set).
Perhaps if the complexity is sufficient with a special character then the length is relaxed per special character or if downward compatible then 2 identical special characters are treated as one in the length for the compliance_to_current_policy check (which we also do not know is active)?
We also do not know the user type.
Cheers,
Julius
08-15-2011 3:48 PM
08-15-2011 6:51 PM
Yeah, I am panicking here and hoping that a bug in SAP's release naming conventions can be blamed for it
Cheers,
Julius
08-17-2011 4:22 PM
Hello everyone,
I'm happy to let you know that my password length issue is solved.
It was as I thought and as mentioned by Raghu Boddu: I had 2 different profiles where the parameter login/min_password_lng was set, once with 7 as the value, once with 8.
In the default profile it was 8, and 7 in the instance profile.
In my specific case, it was the instance profile that overrides the default profile.
I've changed the value set in the instance profile. That's how I fixed the issue.
Thanks for the help
Sebastien
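Added example, not part of the original thread: a small Python check that finds login/* parameters set with different values in more than one profile and reports which value takes effect. It assumes the instance profile is read after the default profile, as the resolution above found; the profile contents and the labels "DEFAULT.PFL" and "instance" are constructed sample data.

```python
# Added example: find login/* parameters set in more than one SAP profile.
# The profile contents below are constructed samples, not the poster's files.

DEFAULT_PFL = """\
# DEFAULT.PFL (constructed sample)
login/min_password_lng = 8
login/min_password_digits = 1
login/min_password_uppercase = 1
"""

INSTANCE_PFL = """\
# instance profile (constructed sample)
login/min_password_lng = 7
rdisp/wp_no_dia = 10
"""


def parse_profile(text):
    """Parse 'name = value' lines; skip blank lines and '#' comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params


def effective_values(profiles, prefix="login/"):
    """profiles: list of (label, text), lowest precedence first (assumption:
    default profile first, instance profile last).
    Returns {param: (effective_value, winning_label, [(label, value), ...])}."""
    seen = {}
    for label, text in profiles:
        for name, value in parse_profile(text).items():
            if name.startswith(prefix):
                seen.setdefault(name, []).append((label, value))
    return {n: (d[-1][1], d[-1][0], d) for n, d in seen.items()}


def conflicts(profiles, prefix="login/"):
    """Parameters defined in several profiles with differing values."""
    return {n: r for n, r in effective_values(profiles, prefix).items()
            if len({v for _, v in r[2]}) > 1}


if __name__ == "__main__":
    order = [("DEFAULT.PFL", DEFAULT_PFL), ("instance", INSTANCE_PFL)]
    for name, (value, winner, defs) in conflicts(order).items():
        print(f"{name}: effective {value} (from {winner}); defined as {defs}")
```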