Profile parameters protect the system against any type of misuse by users. In order to protect the SAP system against unauthorized access, you must define password rules, set the relevant profile parameters and change the initial values. The login password parameters let users set their own passwords within the password rules.
The parameters can be maintained using transaction RZ10.
You should insert them into the DEFAULT profile so they take effect for all instances. Make sure to restart the instances.
2. Select the default profile (DEFAULT.PFL).
3. Select Extended maintenance.
4. Change or add the parameters, as required.
5. Save and activate the profile.
6. Restart the application server.
See how they work…
login/min_password_lng:
This parameter defines the minimum length of the password. Recommended value is 8.
Default value: 6; permissible values: 3 – 40
login/min_password_digits:
This parameter defines the minimum number of digits (0-9) in passwords.
login/min_password_letters:
This parameter defines the minimum number of letters (A-Z) in passwords.
Default value: 0; permissible values: 0 – 40
login/min_password_lowercase:
Specifies how many lower-case letters a password must contain.
Default value: 0; permissible values: 0 – 40
login/min_password_uppercase:
Same as above; the only difference is that it applies to upper-case letters.
login/min_password_specials:
Defines the minimum number of special characters in the password:
!"@ $%&/()=?'`*+~#-_.,;:{[]}\<>|
Default value: 0; permissible values: 0 – 40
login/min_password_diff:
Defines the minimum number of characters that must be different in the new password compared to the old password.
Default value: 1; permissible values: 1 – 40
login/password_expiration_time:
This parameter defines the number of days after which a password must be changed. Recommended value is 35 days.
Default value: 0; permissible values: 0 – 1000
To show the documentation, either use transaction RZ11 or run program rspfpar in transaction SE38.
These are the minimum password rules everyone has to set up in their organization.
I am explaining one of the issues we faced in our organization.
We had implemented a password length of 6.
Some time later we got a request from the client to change the password length to 8.
We then changed the parameter value to 8 as shown below.
login/min_password_lng=8
After implementing this password rule, the system enforces the new policy for all new users.
Now the concern is that the new password rule works only for new users; what about existing users?
Existing users kept using their old passwords and did not get any pop-up to change their password.
To solve this problem, another parameter is available.
login/password_compliance_to_current_policy:
Default value: 0; permissible values:
0 – no check
1 – the system checks during password logon whether the current password complies with the current password rules and forces a password change if not.
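
An added example, not from the original post: a small Python audit of a profile excerpt against the values discussed above. It assumes profile lines of the form name = value with # comments, assumes a default of 0 and a range of 0 – 40 for the digits and uppercase parameters (the post does not list them), and treats the recommended 35 days as an upper bound.

```python
import re

# (default, min, max) as listed in this post; the digits and uppercase rows
# are assumptions copied from the sibling parameters, the post omits them.
PARAMS = {
    "login/min_password_lng": (6, 3, 40),
    "login/min_password_digits": (0, 0, 40),
    "login/min_password_letters": (0, 0, 40),
    "login/min_password_lowercase": (0, 0, 40),
    "login/min_password_uppercase": (0, 0, 40),
    "login/min_password_specials": (0, 0, 40),
    "login/min_password_diff": (1, 1, 40),
    "login/password_expiration_time": (0, 0, 1000),
    "login/password_compliance_to_current_policy": (0, 0, 1),
}

def parse_profile(text):
    """Return login/* settings from 'name = value' lines, ignoring # comments."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"(login/\w+)\s*=\s*(\S+)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def audit(text):
    """List deviations; unset parameters are audited at their default value."""
    found, eff, findings = parse_profile(text), {}, []
    for name, (default, lo, hi) in PARAMS.items():
        raw = found.get(name, str(default))
        if not raw.isdecimal() or not lo <= int(raw) <= hi:
            findings.append(f"{name}={raw}: outside permissible {lo}-{hi}")
            raw = str(default)  # the audit continues with the default
        eff[name] = int(raw)
    if eff["login/min_password_lng"] < 8:
        findings.append("login/min_password_lng below recommended 8")
    if not 1 <= eff["login/password_expiration_time"] <= 35:
        findings.append("login/password_expiration_time not within 1-35 days")
    if eff["login/password_compliance_to_current_policy"] == 0:
        findings.append("existing passwords are not re-checked against current rules")
    return findings

# Constructed sample: length raised to 8, as in the incident described above.
SAMPLE = """\
# DEFAULT.PFL excerpt (constructed)
login/min_password_lng = 8
login/min_password_specials = 41
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
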
For "USR40 forbidden passwords" information Go
For more details, see SAP Note 862989 (follow the link below).