Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable Initial Password Reset.

Former Member

‎07-12-2007 2:53 PM

0 Kudos

Hello;

Is it possible to set that the user do not change the initial password

when created or even if the SAP Administrator reset it, the first time

the user log on the system.

Thanks;

Ali Gumusoglu

13 REPLIES 13

Former Member

‎07-12-2007 3:02 PM

0 Kudos

I don't believe this is possible with a dialog user without modifying the SAP logon procedure code (possible but can be problematic).

More importantly, what would you want to do this? The change initial password is a good password control.

Former Member

‎07-12-2007 6:03 PM

0 Kudos

Hi;

We would like to use client based SSO in our company. This SSO application is client based so we could' t use SSO profile parameters. I asked this question may be there is another relevant profile parameters.

Thanks;

Former Member
In response to Former Member

‎07-13-2007 8:25 AM

0 Kudos

The client based SSO makes it a bit more difficult.

Last time I saw a situation like yours the answer was to modify the standard login program SAPMSYST to bypass the forced reset. If I remember correctly (it was a while ago) it was not straightforward as that program has protected source code. There is also the impact of support packs or general upgrades to consider if standard SAP is modified.

Good luck!

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎07-15-2007 6:42 PM

0 Kudos

Just for your information: the routines to validate the logon data and to control the requirement / ability to change passwords are implemented in the kernel; SAPMSYST only implements the SAPGUI logon UIs.

But anyway: most likely <a href="https://service.sap.com/sap/support/notes/869218">SAP Note 869218</a> will provide the answer to Ali's question.

Cheers, Wolfgang

PS: any modification to the system program SAPMSYST will (with a very high likelyhood) result in (severe) problems - that's why it is protected (to prevent you from steping into trouble).

Former Member
In response to Former Member

‎07-15-2007 10:09 PM

0 Kudos

I'm pretty sure (though not 100%) that the mods that were required to bypass the password prompt were only done in SAPMSYST - this was in 4.6A, either way I agree it's not something that should be taken lightly. The only situation where there is a high potential for severe problems is if insufficient time is taken to research the impact of the changes and test them properly.

Former Member
In response to Former Member

‎07-19-2007 12:23 PM

0 Kudos

As Wolfgang already said it's absolutely sure (=100%) that you cannot bypass it with any ABAP modification

former_member185864
Active Participant

‎07-13-2007 5:53 AM

0 Kudos

Hi Ali,

Yes, it is possible; for that follow below steps:

1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat

Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat

2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service

3.Click on below property and set value is FALSE and click and "SET" button.

"ume.logon.security_policy.password_change_required = FALSE"

4.Save.

5. Restart the engine.

Now

1. Login with an "Administrator"

2. Create a user and define a password like "init123"

3. logoff from "administrator"

4. login with new user; password is "init123"

now system will not ask to change password.

Reward Points; if it is usefull.

Thanks,

Nagaraju Parlapalli

azmanhamid
Explorer
In response to former_member185864

‎06-04-2014 9:04 AM

0 Kudos

On 7.4, The closest parameter available is ume.logon.security_policy.password_change_allowed

Former Member

‎07-13-2007 6:38 AM

0 Kudos

Hi Nagaraju ;

Our user connects to SAP R/3 over SAP GUI. We don't use java tools.

Our platform is;

OS: HP-UX 11.11

SAP 4.7 WAS

Oracle 9

Thanks.

Former Member

‎07-13-2007 7:50 AM

0 Kudos

Hi Ali,

Check for the parameter "login/password_change_for_SSO".

I think by setting value 3 with this parameter we can make, deactivation of password..

Read the documentation of this parameter..

Reg'

Zeemaaa..

Matt_Fraser
Active Contributor

‎07-29-2007 10:44 PM

0 Kudos

It is possible to bypass the initial password change requirement by setting the users to be of type SERVICE instead of DIALOG. However, there's a cost to this: SERVICE users cannot change their own passwords. It has to be done for them by system administrators. So, you would have to weigh the consequences of doing something like this against the perceived benefit.

--Matt

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to Matt_Fraser

‎07-30-2007 8:46 AM

0 Kudos

Not only this - SERVICE users are also not subject of the "idle password usage" control (-> login/password_max_idle_productive - see <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a>) and the system will not create SAP Logon Tickets for SERVICE users (see <a href="https://service.sap.com/sap/support/notes/622464">SAP Note 622464</a>.

former_member385596
Participant

‎06-05-2019 12:28 AM

0 Kudos

Hi Ali ,

Tell me the procedure if your problem was resolved.