05-03-2015 7:38 AM
Dear Experts,
I found a strange behaviour in our ECC 6 system (BASIS release 702). System is not prompting for password change after password expiration time and this is happending for few users. So far five users have reported this behaviour. Users are happy indeed for this
We have parameter login/password_expiration_time = 30.
These users are even not able to change their password themselves. When they are trying to change their password using "New Password" button in login screen, system is giving message as "you can change your password only once a day". Even though user did not change password in that day at all.
Initially I though there may be any parameter where users' id maintained to exclude password policy, but seems there is no paramter like this in ECC6.
Your help will be appreciated to find out reason for this strange behaviour.
Regards
Aktar
05-03-2015 10:05 AM
Aktar Ali wrote:
When they are trying to change their password using "New Password" button in login screen, system is giving message as "you can change your password only once a day".
The only logical explanation for this is that some program is resetting the "last changed date" of the password to the current date for these users. That cannot be a standard SAP program.
1) Check via SE11 -> table USR02 -> where-used-list for Z-programs which perform direct update statements on the table. Particularly fields DCDA1 and PWDCHGDATE.
2) Check in SM37 whether jobs running in the early hours of the morning each day are described as being something security or password related. The job could also be a in a different client and updating client specified!
3) Contact the DB admin and ask about any scripts running which update the above table.
Cheers,
Julius
05-03-2015 8:10 AM
Hi Aktar
Is this ECC system integrate with Windows AD or other system?
BR
SS
05-03-2015 8:16 AM
Dear SS,
No, there is no integration. User ID is created simply using SU01 and user logges in using sap gui.
Thx
Aktar
05-03-2015 8:25 AM
Hi Aktar
Thanks for your information,
1. On your ECC system how many Dilalog instance are connected? have you update the passport policy parameters in CI & all DI systems?
2. Could you share your ECC system version & kernel details?
BR
SS
05-03-2015 9:07 AM
Dear SS,
Thanks for your effort and time.
Yes, password parameters are applied in all the instances and it is working fine for most of the users.
Below is the requested details.
Thanks
Aktar
05-03-2015 9:52 AM
05-03-2015 10:05 AM
Aktar Ali wrote:
When they are trying to change their password using "New Password" button in login screen, system is giving message as "you can change your password only once a day".
The only logical explanation for this is that some program is resetting the "last changed date" of the password to the current date for these users. That cannot be a standard SAP program.
1) Check via SE11 -> table USR02 -> where-used-list for Z-programs which perform direct update statements on the table. Particularly fields DCDA1 and PWDCHGDATE.
2) Check in SM37 whether jobs running in the early hours of the morning each day are described as being something security or password related. The job could also be a in a different client and updating client specified!
3) Contact the DB admin and ask about any scripts running which update the above table.
Cheers,
Julius