Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Internet Sales - Password Expiration Date

Former Member

‎02-08-2007 8:39 PM

0 Kudos

We are running:

- Internet Sales 4.0

- CRM 4.0

- Developer Workplace SP19

- J2EE Engine 6.4

We will have 8,000 customers logging into our Internet Sales application which connects to CRM. Our CRM security policy is that passwords expire every 60 days. That applies to internal users. We don't want our customers passwords to expire every 60 days. What can we do? We would like to have a different security policy for our customers than for internal users.

7 REPLIES 7

Former Member

‎02-08-2007 10:11 PM

0 Kudos

You can set the profile parameters (login/password_expiration_time) in such a way the passwords for internal users expire after 60 days.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎02-09-2007 9:08 AM

0 Kudos

That does not help since the profile parameter impacts all users (in all clients).

former_member74904
Contributor

‎02-09-2007 9:13 AM

0 Kudos

Perhaps making the dialog type for the internal users "SERVICE" could help? Like this, internal users' passwords will never expire.

Former Member
In response to former_member74904

‎02-09-2007 5:35 PM

0 Kudos

The Service User Type is designed for anonymous user access. We may be violating our license agreement if we use this user type. I don't think that is an option.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to former_member74904

‎02-09-2007 5:39 PM

0 Kudos

Right. Furthermore it has some functional impact - see <a href="https://service.sap.com/sap/support/notes/622464">SAP Note 622464</a>: SAP Logon Tickets will not be issued for SERVICE and SYSTEM users; that impacts the ability to use SSO; currently SAP Logon Tickets are also required if you only want to use FORM-based authentication (i.e. an HTML rendered logon screen) instead of Basic Authenitication (-> popup rendered locally by the browser).

Former Member
In response to former_member74904

‎02-12-2007 8:45 PM

0 Kudos

Thanks for the explanation.

The question remains: Can we have a different password expiration date for our customers than we do for internal CRM users?

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to former_member74904

‎02-13-2007 12:55 PM

0 Kudos

Sorry, the short answer is: no.

There's only a "hack" you might consider:

using packet filters you can enforce "external users" to use other application servers than "internal users". Since profiles are server-specific you can set different profile parameter values on different application server instances.

Regards, Wolfgang