05-09-2008 2:16 AM
Hi ,
we set parameter login/password_expiration_time =90 in our SAP systems ,even after system not prompting to change password after 90 days
05-09-2008 9:50 AM
pls make sure, that your usertype is of 'dialog'. 'Service'-users are excluded from the pwd-change-parameter....
b.rgds, Bernhard
05-09-2008 9:53 AM
Did you restart the instance?
If you set it in the DEFAULT profile have you checked there are no conflicting (longer) values in the app server profiles?
05-09-2008 4:37 PM
Alex, we updated this parameter in DEFAULT profile ,
how to check consitency in other App server profiles?
05-11-2008 9:35 PM
Hi,
You can check the app server settings via RZ10 in the same way that you do for the DEFAULT profile.
Can you confirm that you have already restarted the instance because without that it will not work.
05-12-2008 5:09 PM
Alex,
We updated the Parameter and we alredy restart the server long back ,this password validity not working properley for some dialog id's ,for some users system propmting to change password some are not.
05-12-2008 6:54 PM
It will certainly prompt for password change unless the users changed it prior to the system prompt.
In what way did you test this scenario? because 90 day count starts with the day of recent password change by user thyselves or by administrator and not based on Initial password. and so users recieving the system prompt varies from each other.
if you can look at the change docs on password change for past 91 days, it should give you all your userID's in the list with exemption of system and Service userID's.
05-12-2008 7:49 PM
I'm thinking along the same lines as Keerti
Another thought, did you check the app server profile params? If a user is logging directly onto one of those & it has another values (say 120 days) then they won't be forced to change.
05-10-2008 1:13 AM
05-13-2008 11:10 PM
I recommend to analyse the system behavior by tracing:
1. setup trace according to note 495911 (it's not required to activate the security audit log, and it's sufficient to set the trace only on the current server instance using transaction SM50)
2. use SE37 to test-drive function module SUSR_USER_PASSWORD_STATUS_GET for one of the effected users
3. display the trace file (using transaction ST11)
4. deactivate the tracing