Thanks Kaushal, It looks like that the max value mentioned for parameter "login/min_password_lng" is generating the password of same length. I will have to see if lowering this parameter value will generate the small password of the same length.

Regarding SE61, I am unable to see any email template for PSS(apart from PSS notification). We get the link in our password to click here to view passwords. Once we click on it, new window with password opens. Is there any option to change the text size or font of it.

You can show the password directly within the email sent to the user if that makes it easier to read (Hence why I mentioned the modification of the Email templates/SE61). As for changing the font size of the "pop-up" on the screen, that is something you may have to ask SAP to look into.

Hope this has answered your question.

Hi Sameer,

For generated password length, you need to add or change entries in PRGN_CUST table.

For the entries and procedure check the below link:

http://help.sap.com/saphelp_nw70/helpdata/EN/cc/4a0ff78271bb4399c80e659466f828/frameset.htm

Regards,

Ajesh.

Thanks again, our security policy doesnt allow password to be sent in written text via email. This is why we opt for this solution to provide the hyper link. I will check with SAP if the pop up widow text can be modified.

Dear Ajesh, Your answer seems to be correct, but I need to clear dew doubts

1. Please confirm the switch GEN_PSW_MAX_LENGTH is to be maintained in target systems(not in GRC systems).

2. In target system, I am unable to found the switch GEN_PSW_MAX_LENGTH, though the current support pack level(SAPKB70106) is already above the SP level mentioned in SAP note 915488. Any idea, what can be the reason.

3. Do I still need to implement the OSS note, irrespective of SP level.

Hi Sameer,

1. Maintain in Target System.

2. Switch will not be there, you can just add the entry. You can also transport the table PRGN_CUST if you dont want to do direct entries in quality and production system. ( Better maintain Max password length in profile parameter and max gen password length in table same, if possible special character entries also. Have seen inconsistencies in some cases if they are not the same)

3. Implement the note only when entries are not taken in to account. Try testing config in Dev. I am not sure if the note is right note. Most probably this note may not be needed.

Regards,

Ajesh.

Message was edited by: Ajesh Raju Pujari

Ajesh, I have found a applicable note 1482619. If these switch values are missing from the table PRGN_CUST, we need to implement this note. This is same as my case.

So I have to implement this note first and than note 915488 to maintain the switch GEN_PSW_MAX_LENGTH.

One question I need to ask, if I maintain this switch to say 10.  Will that mean if a user try to reset his password normal way, will he be able to reset to more than 10 letters. As I understood, GEN_PSW_MAX_LENGTH set the value only for generated password and the user can set his password to the maximum value defined in paramter login/min_password_lng. 

Hi Sameer,

There is no need to select from F4. You can manually enter the parameter and values in PRGN_CUST table. I have done the same and it had worked for me many times. If this doesnt work then you have to look forward for the notes.

If the switch is 10 then generated password will always be 10 characters.

"As I understood, GEN_PSW_MAX_LENGTH set the value only for generated password and the user can set his password to the maximum value defined in paramter login/min_password_lng. "

Above comment of yours is right.

Try config like below:

1. GEN_PSW_MAX_LETTERS = login/min_password_letters

2. GEN_PSW_MAX_DIGITS = login/min_password_digits

3. GEN_PSW_MAX_SPECIALS = login/min_password_specials

4. GEN_PSW_MAX_LENGTH = login/min_password_lng

i.e maintain GEN_PSW_MAX_LETTERS value same as login/min_password_letters

Regards,

Ajesh.

This was helpful, I was able to add the parametere manually.

Now I am facing a different strange issue.  I maintained the GEN_PSW_MAX_LENGTH parameter to 10, but when I reset the password through GRC, it still shows the 40 character long.

Than I went to su01 and manually tried to regenerate the password, and it was fine there. The auto generated password was only 10 character as expected.  I am unable to understand why the GRC generated password is still 40 character long.

I also set the other parameter login/min_password_letters = 0. This worked perfectly as the password reset via GRC doesnt contain any letters.

The only related issue I found the maximum value for login/min_password_lng is maintained 40 and the current value is 8.  But if its working perfectly via su01, so it should be same thorugh GRC as well.

Hi Sameer,

Have seen this problem on 5.3 as well. As you said if its working in SU01 it should also work with PSS.

Check the note and see if it solves the problem:

Note 1666807 - GRC 10.0 PSS : new password ignores PRGN_CUST restriction

Regards,

Ajesh.