Dear Yew Jin Kang,
UME itself does not support password history checking. It can only prevent that the old password is part of the new password, if UME property "ume.logon.security_policy.oldpass_in_newpass_allowed" is set to FALSE.
However, if you install a J2EE Engine and choose to use the ABAP user management, then the password policies of the ABAP system enforce this requirement (up to 6.40, history length is 5, up to SAP_BASIS 7.00 history length is configurable up to 100).
To be honest, there is a drawback. The nice error messages from ABAP are not propagated to the UME web screens, so users will only get a message "Failure during setting new password" or so.
Kind regards,
Juergen Kremp
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.