Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are forbidden passwords taken into account when password is generated?

Go to solution
Former Member

‎02-03-2015 10:56 AM

0 Kudos

Hi,

we use the FM RSEC_GENERATE_PASSWORD which in turn calls C-function RSEC_GEN_PASSWD for the password generation. Does anybody know FOR SURE whether the forbidden password patterns (maintained in exception table USR40) are considered by C-function RSEC_GEN_PASSWD or does it 'just' generate the password and we need to manually check the password with FM PASSWORD_FORMAL_CHECK after  FM RSEC_GENERATE_PASSWORD call?

Thank you

Michal

1 ACCEPTED SOLUTION

Go to solution
Private_Member_69416
Active Participant

‎02-03-2015 12:16 PM

0 Kudos

Hi

1. RSEC_GENERATE_PASSWORD  is doing 1000 loop with check FM PASSWORD_FORMAL_CHECK.

2. One of the parameters for RSEC_GENERATE_PASSWORD and PASSWORD_FORMAL_CHECK is SECURITY_POLICY.

You can use system default (set by parameters) or modified policy (SECPOL since EHP6).

3. RSEC_GEN_PASSWD have no arguments for any policy check.

So forbidden password patterns can't be effectively checked by RSEC_GEN_PASSWD.

Reards

Przemek

3 REPLIES 3

Go to solution
Private_Member_69416
Active Participant

‎02-03-2015 12:16 PM

0 Kudos

Hi

1. RSEC_GENERATE_PASSWORD  is doing 1000 loop with check FM PASSWORD_FORMAL_CHECK.

2. One of the parameters for RSEC_GENERATE_PASSWORD and PASSWORD_FORMAL_CHECK is SECURITY_POLICY.

You can use system default (set by parameters) or modified policy (SECPOL since EHP6).

3. RSEC_GEN_PASSWD have no arguments for any policy check.

So forbidden password patterns can't be effectively checked by RSEC_GEN_PASSWD.

Reards

Przemek

Go to solution
Former Member
In response to Private_Member_69416

‎02-03-2015 12:23 PM

0 Kudos

Not by the FM itself. The policy is always checked in the kernel.

Since the FM itself is a kernel-call, all the usual security checks done by the kernel apply. Hence the rules defined in USR40 are definitely taken into account.

Go to solution
Former Member
In response to Private_Member_69416

‎02-03-2015 12:50 PM

0 Kudos

Hi Przemyslaw,


thank you, my bad - navigation index for RSEC_GENERATE_PASSWORD was not updated in my system and therefore the use of PASSWORD_FORMAL_CHECK within the loop in FM RSEC_GENERATE_PASSWORD itself was not found (and I missed it while briefly looking into the code).

Then my issue is solved as PASSWORD_FORMAL_CHECK is part of generating password logic in RSEC_GENERATE_PASSWORD.


Thank you

Michal