
System user restriction without special password restriction

Former Member
0 Kudos

Hi All - is there any way to restrict a system user without special password restriction?

We are using the Control M tool to trigger jobs in SAP, and there is a system user created in SAP for this purpose.

The Control M tool is unable to trigger a job when we maintain a special character in the password for the system user. It works only when the password is kept simple.

But as per audit compliance we should only maintain special characters in the profile parameter of SAP, and just for this system user alone we cannot change the entire SAP profile parameter setting.

Please advise if something can be done to maintain a simple password (password without any character and numerals) restriction just for one system user ID alone.

Thanks,

Sanjeev.S

1 REPLY 1

Former Member
0 Kudos

That is actually the problem of the external application which cannot save connection data which contains special characters, so you should report that to ControlM and not to SCN...

But there is a little workaround available which will help you set the login/min_password_specials despite controlM not being able to save or send one.

Make sure the user is of type SYSTEM and not communication, as this way it is not subject to the password rules, so it can keep the existing password as long as you do not change it...

Otherwise, set login/password_downwards_compatibility = 1 (in this case it MUST be a user of type SYSTEM!!) or 2 if you want to be on the safe side, and then set the password of the user such that the first 8 characters are in upper case and contain a digit (or whatever your rules are) but locate the special character AFTER the 9th character in the password.

--> all users (dialog users) will have to comply with the new policy which includes the special character, but the SYSTEM type user will fail the first authentication attempt, and then subsequently truncate the password to 8 characters and convert it to upper case and try again against the BCODE hash, which will then work.

Downside with this is that you must keep BCODEs for the users - you must weigh this strong hash vs. strong password against each other...

Real solution is to report this to Control M, as this tells us something about the system's security if the tool is used.

Cheers,

Julius
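
The trade-off raised in the reply above, as an added example that is not part of the original post and is not SAP code: it checks a candidate password against a complexity policy twice, once in full and once in the truncated, upper-cased form the reply says the fallback compares. The `Policy` fields mirror the `login/min_password_*` parameters with constructed values, the function names are hypothetical, and treating every non-alphanumeric character as "special" is an assumption.

```python
from dataclasses import dataclass

LEGACY_LEN = 8  # per the reply: the fallback truncates to 8 characters


@dataclass
class Policy:
    # Constructed values standing in for the login/min_password_* parameters.
    min_length: int = 8
    min_digits: int = 1
    min_letters: int = 1
    min_specials: int = 1


def legacy_form(password):
    """Form compared by the fallback, per the reply: first 8 chars, upper-cased."""
    return password[:LEGACY_LEN].upper()


def violations(secret, policy):
    """Return the names of the policy rules that `secret` fails."""
    counts = {
        "length": len(secret),
        "digits": sum(c.isdigit() for c in secret),
        "letters": sum(c.isalpha() for c in secret),
        # Assumption: any non-alphanumeric character counts as special.
        "specials": sum(not c.isalnum() for c in secret),
    }
    required = {
        "length": policy.min_length,
        "digits": policy.min_digits,
        "letters": policy.min_letters,
        "specials": policy.min_specials,
    }
    return [rule for rule, need in required.items() if counts[rule] < need]


def audit(password, policy):
    """Compare policy compliance of the full password and its legacy form."""
    legacy = legacy_form(password)
    return {
        "full_ok": not violations(password, policy),
        "legacy_violations": violations(legacy, policy),
        # True when upper-casing discarded case information in the first 8 chars.
        "case_lost": legacy != password[:LEGACY_LEN],
    }
```

A password built as the reply suggests passes the policy in full, while the form that actually authenticates the job scheduler carries no special character, which is the gap an auditor would need to see documented.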