07-12-2007 2:53 PM
Hello;
Is it possible to set that the user do not change the initial password
when created or even if the SAP Administrator reset it, the first time
the user log on the system.
Thanks;
Ali Gumusoglu
07-12-2007 3:02 PM
I don't believe this is possible with a dialog user without modifying the SAP logon procedure code (possible but can be problematic).
More importantly, what would you want to do this? The change initial password is a good password control.
07-12-2007 6:03 PM
Hi;
We would like to use client based SSO in our company. This SSO application is client based so we could' t use SSO profile parameters. I asked this question may be there is another relevant profile parameters.
Thanks;
07-13-2007 8:25 AM
The client based SSO makes it a bit more difficult.
Last time I saw a situation like yours the answer was to modify the standard login program SAPMSYST to bypass the forced reset. If I remember correctly (it was a while ago) it was not straightforward as that program has protected source code. There is also the impact of support packs or general upgrades to consider if standard SAP is modified.
Good luck!
07-15-2007 6:42 PM
Just for your information: the routines to validate the logon data and to control the requirement / ability to change passwords are implemented in the kernel; SAPMSYST only implements the SAPGUI logon UIs.
But anyway: most likely <a href="https://service.sap.com/sap/support/notes/869218">SAP Note 869218</a> will provide the answer to Ali's question.
Cheers, Wolfgang
PS: any modification to the system program SAPMSYST will (with a very high likelyhood) result in (severe) problems - that's why it is protected (to prevent you from steping into trouble).
07-15-2007 10:09 PM
I'm pretty sure (though not 100%) that the mods that were required to bypass the password prompt were only done in SAPMSYST - this was in 4.6A, either way I agree it's not something that should be taken lightly. The only situation where there is a high potential for severe problems is if insufficient time is taken to research the impact of the changes and test them properly.
07-19-2007 12:23 PM
As Wolfgang already said it's absolutely sure (=100%) that you cannot bypass it with any ABAP modification
07-13-2007 5:53 AM
Hi Ali,
Yes, it is possible; for that follow below steps:
1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
3.Click on below property and set value is FALSE and click and "SET" button.
"ume.logon.security_policy.password_change_required = FALSE"
4.Save.
5. Restart the engine.
Now
1. Login with an "Administrator"
2. Create a user and define a password like "init123"
3. logoff from "administrator"
4. login with new user; password is "init123"
now system will not ask to change password.
Reward Points; if it is usefull.
Thanks,
Nagaraju Parlapalli
06-04-2014 9:04 AM
On 7.4, The closest parameter available is ume.logon.security_policy.password_change_allowed
07-13-2007 6:38 AM
Hi Nagaraju ;
Our user connects to SAP R/3 over SAP GUI. We don't use java tools.
Our platform is;
OS: HP-UX 11.11
SAP 4.7 WAS
Oracle 9
Thanks.
07-13-2007 7:50 AM
Hi Ali,
Check for the parameter "login/password_change_for_SSO".
I think by setting value 3 with this parameter we can make, deactivation of password..
Read the documentation of this parameter..
Reg'
Zeemaaa..
07-29-2007 10:44 PM
It is possible to bypass the initial password change requirement by setting the users to be of type SERVICE instead of DIALOG. However, there's a cost to this: SERVICE users cannot change their own passwords. It has to be done for them by system administrators. So, you would have to weigh the consequences of doing something like this against the perceived benefit.
--Matt
07-30-2007 8:46 AM
Not only this - SERVICE users are also not subject of the "idle password usage" control (-> login/password_max_idle_productive - see <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a>) and the system will not create SAP Logon Tickets for SERVICE users (see <a href="https://service.sap.com/sap/support/notes/622464">SAP Note 622464</a>.
06-05-2019 12:28 AM