Disabling password history

Hi,
We have 4.6C, ECC 6.0, and NW 2004s.  Our company has purchased a 3rd party product, Avatier, to control passwords corporate wide.  The security team is asking about the feasability of disabling password history in our SAP environments and removing SAP's password expiration (it would be controlled by Avatier).  We can set the password expiration to 0, but I see no mechanism to stop storing password history in SAP.
Is there a technique for stopping SAP in 4.6C, ECC 6.0, and NW 2004s from storing and tracking the last 5 passwords?
Best regards,
Russ

>
Russ Brooks wrote:
> They can synchronize passwords across all of our applications, as well as provide a self service feature to change user's passwords when they log into the network.  It's my understanding that they are storing the new password both in Active Directory and directly in SAP, so totally disabling SAP passwords in not an option.
>
> Cheers,
> Russ
Well, this topic has been discussed many times in SDN before.
But the truth still remains unchanged: password synchronization does not work (in general).
In almost all cases the real intention is: Single Sign-On.
So, if a user should have only one password then this password must not be replicated / synchronized but there should be a central place where the password is validated. Take UNIX or Microsoft Windows as an example: no-one would try to synchronize local accounts across multiple servers using a file copy approach. Instead, a domain controler approach is used.
For the ABAP system this means: you have to use a proper SSO mechanism - then you can even delete / disable the password in the ABAP system.
Notice: ABAP systems are not the only systems with a (local) password policy. There are many different password policy implementations - and it might not be possible to define a common policy for all systems which are supposed to participate in a "password synchronization federation". That's a fact.
I'm really estonished to see how many people still only think of passwords when talking of authentication.
And consequently they believe that passwords need to be used (and consequently also synchronized) if a user should be able to logon to multiple systems without being forced to proof his identity to each and every of those systems (that's what is commonly referred to as "Single Sign-On"). That's really a kind of stupid conclusion: "logon = password authentication" -> "SSO = automated password authentication, based on password synchronization".
Well, you cannot derive a solution from a wrong assumption (ex falso quodlibet).
Instead, the assumption needs to be revised.
Regards, Wolfgang

Similar Messages

  • Is it possible to disable the password history parameter?

    Hello,
    We are using NW04s
    Is it possible to disable the password history parameter completely? The current value can be between 1 and 100 only.

    Hmmm,
    since >90% of the users will try to enter their old password (which will be accepted without password history), I think it won't make much of a difference to not asking them
    Anyway, may be you take a look at table USR02 as old passwords appear here. Idea is to write a report which clears the old entries... But to fiddle around with passwords is a very special thing...so it's just an idea...
    Over and out,
    Peter
    Points always appreciated

  • How to set Password History in ACS? Sarbanes-Ox...

    I am using acs 4.0 for tacacs auth to network devices. I need to be able to force the password history to prevent users from using any of the previous 5 passwords. I see that there is an option to prevent from using the "last" one, but not 5. Can I overwrite this somewhere?
    thanks -j

    Hi,
    The latest version of ACS (4.1) has new features specifically designed to address SOX issues:
    "This release contains new ACS administrator permissions to improve password management and audit reports for regulatory compliance; for example, Sarbanes-Oxley (SOX). ACS includes the following capabilities for:"
    Authentication:
    * Forcing periodic change of administrator?s password.
    * Applying password structure policy.
    * Forcing administrator's password change for inactive account.
    * Preventing the reuse of old password (password history).
    * Disabling administrator accounts for inactivity.
    * Disabling administrator accounts after failed logins.
    * Allowing ACS administrators to change their own passwords.
    Audit and Reporting:
    * Logging all administrative actions via system logging (syslog), in addition to existing logging targets.
    * Controlling administrators? access to log file configuration to prevent specific audit logging from being disabled.
    * Adding new reports for administrators privileges.
    Authorization:
    * Providing a read-only privilege for users and groups.
    HTH - plz rate if useful.
    Andrew.

  • How to disable password for Diagnositics

    Hi,
    I want to disable the password option while I am doing Diagnostics. It is asking for password everytime when I select
    Navigation Menu -> Help -> Examine -> Diagnostics
    Please let me know how to disable this.
    Thanks in Advance!!
    Madhu Kumar

    Hi,
    To disable password protection, set 'Utilities: Diagnostics' profile option to 'Yes'.
    Note: 160151.1 - How to Make Help Diagnostics Examine be Password Protected?
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=160151.1
    Regards,
    Hussein

  • Clearing out previous password history

    Hi everyone! As part of our User maintenance is to clear out old user password histories. Just want to ask if there's a way that i could clear out the old/previous password history of a user?
    Thank you very much in advance!
    Regards,
    Braille

    Wow - to get a response from The John Burton, I feel so honored!
    No, John, I believe that you are talking about when you are on the Account Identification Screen. I am talking about when you have confirmed the customer and are on the Interaction Record Screen and you realize that you want to exit without adding a record. By clicking on END, it exits but creates a blank interaction record. When I click on Cancel, the screen exits to the Home Page but when the user goes into the interaction record for the next customer, the details on the botton of the screen (Last Interactions) is from the previous customer. It is as the Cancel does not clear out the previous information.
    Thanks for your time,
    Simon

  • Password history in IDM7.0

    Hi all,
    I have a requirement where i need to enable the password history for end user(for reset password and change password also).Can anybody give a solution for me???
    Thanks in advance.......

    Enabling password history is done from the Security > Policies tab.
    Edit the default Password Policy and add a number to Number of Previous Passwords that Cannot be Reused.
    Make sure this password policy is selected in Default Identity Manager Account Policy.
    Regards,
    R

  • Disabling password checking?

    Hi all,
    is it possible in Oracle to disable password checking, so that I could be connect with just
    <username>@<service name>
    without being prompted for a password?
    Now please don't condemn me... The idea is the following:
    It's all about a dedicated developer database / server.
    I have a lot of scripts which deploy the schema objects of our app, in several "connected" schemas, which are used by the app. For the sake of simplicity and speed we have been using <username>=<password>. But the consequence is, that these scripts cannot be used unchanged for deploying into production.
    It would be great, if I could only use the above mentioned connection script and by a central db-configuration, in one case it would connect me to the DB, in the other case I would be prompted for the password.
    Now please, don't value the approach. This not my idea. But is there a way disable password checking (entering question...)?
    Many thanks, in advance

    Mark D Powell wrote:
    What kind of scripts?
    What OS?
    What version of Oracle?
    We use an environment variables to hold the username and password. The OS then substitutes the current username and corresponding password into the script at run time. So the same Korn shell script we use in test can run in production unchanged and the developers do not know the production password.
    Oraclle also support global authenication via an Directory Server with the Advanced Security option.
    HTH -- Mark D Powell --I have the feeling, that you understood what I mean, still I don't understand your solution. But first I should provide more information...
    We are using 11gR2 on Linux machines, both for development as well as for production. We have a concept for continuous integration, where every schema object has it's own DDL script and then we have an allobjects.sql scripts which every single one of them (simply speaking).
    These are all SQL scripts, written to be executed in sqlplus. In SQLPLUS variables I am handling things like schema names and passwords. The "master" sql-scripts "connect"s itself to all necessary schemas for the app, and deploys every single database objects, executing its script. The consequence is, the "master" scripts contains many "connect" statements and in production every single one schema of the app, could have different password, so I can't just pass it as a parameter to the sql-script once.
    I hope, I have been more clear than the first time. So we have an app, which uses 8-9 schemas to be completely deployed. So I thought, if I could just use "<username>@<service name>" in my scripts, than the DBAs would be able to use them, unchanged, entering the production passwords, when prompted, without the developers knowing them....

  • Disable password expiry in Portal V2

    Hello,
    Is it possible to disable password expiry in Portal V2 (ias902).
    I do not password to expire for some users at all.
    Thanks,
    Ritendra.

    Hi Kaustubh,
    Refer this link:
    how to disable the "change of password" field in login page of SAP portal?
    Regards,
    jithin

  • How do I permanently disable search history in the Google search bar?

    In Firefox 3.6, left-clicking the drop-down arrow by the Google icon, then selecting "Manage Search Engines..." only allows you to disable Search Suggestions. Right-clicking the search bar only allows me to "Clear Search History".
    How do I PERMANENTLY disable search history when I type in the Google search bar?

    Disabling "Remember search AND form history" is not the correct solution in my case, what I need is Firefox to offer to split the option and disable "Search Bar History" while keeping "Form History" enabled.
    How can I do that?

  • Password History in FIM Password Reset

    Hello
    We have a problem no one seem to be able to fix. 
    We have a register/reset portal up n running and everything works great. Users can register and then change passwords.
    The problem is the password History, they can change back to old passwords. I have tryed all thinkable solutions but we cant seem to handle the history. We have policys on group level that applies this rules.
    Anyone with a solution or that have similar problem?

    Hi Tobias,
    Make sure you have the following configuration: 
    FIM 2010 Self Service Password Reset now supports Enforcement of all domain password policies
    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

  • How can I disable iMessages history?

    How can i disable iMesage history? Under the settings for iMessages on OS X 10.8.4 Mountain Lion, I don't see any options to disable this. The only thing close to that is already unchecked: Save history when conversations are closed.

    Hi,
    Messages still uses the com.apple.ichat.plist (and the other ones that had iChat in them for the accounts)
    The two new ones for iMessages (com.apple.imservice.imessages.plist and com.apple.imessage.bag.plist) only hold the server info on one and the Apple ID and the Aliases you use with it in the other.
    I have not discovered anything in any of the .plists that deal with how the "history' is saved (other than whether Chats are Saved on Closure).
    In previous versions of iChat there have been hints at MacOSXHints that do various things such as this one that changes the order of the Info when Selecting iTunes Playing as th Status Message
    http://hints.macworld.com/article.php?story=20050610163358263
    To use it in Messages you have to change the iChatAgent bits to IMAgent.
    I did search their site for 10.8 and Messages but found nothing that related to doing anything with the Saving or History of chats and conversations.
    I don't work for Apple.
    My "knowledge" is centered around iChat and Messages, which I have been posting about since 2004.
    8:32 PM      Monday; September 2, 2013
      iMac 2.5Ghz 5i 2011 (Mountain Lion 10.8.4)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),
     Couple of iPhones and an iPad
    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • How to disable password for mount partitions

    Hi.
    I want disable password Aunthenticate for mounting partitions.
    I searched in wiki and google. But nothing found.
    Thanks.

    And/or https://wiki.archlinux.org/index.php/Udisks
    What exactly did you search for?  How did you not find these (and other) results?  Or have you ruled these out?

  • How to disable password updating ?

    I log into an internal website multiple times a day. In the login form, I am required to enter a password.
    The password I must enter is (ex.:) "boat123". Upon hitting the "Login" button, the code on the page changes the password to some other encrypted version then submits the information. Thus, the password I entered and the password submitted are different. Firefox sense this change and asks me if I want to update the password every single time. I find this behavior very annoying since I can't use the site with the "updated version" of the password, only the one I type in.
    Is there a way to tell Firefox to not ask me to update my password OTHER THAN disabling password saving altogether ?
    Thanks.

    Follow my prior instruction and enter that website into the '''''Exceptions'''''
    list and see what happens.

  • How to disable password

    Hello. i need help.
    how can i disable the password lock bb8700c? in the security options there is no point disable password. firmware version 4.5.0.182

    Hi and Welcome to the Forums!
    Often, if you have Content Protection enabled, then the password is required. You have to turn off content Protection:
    KB11963How to change the setting for Content Protection on the BlackBerry smartphone
    Alternatively, if your BB is part of a corporate BES environment, you may be required to have a device lock password...and there is nothing you can do to disable that requirement.
    Good luck!
    Occam's Razor nearly always applies when troubleshooting technology issues!
    If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
    Join our BBM Channels
    BSCF General Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • How to disable password complexity

    Ok, I have XE 10g installed with Apex 4.1 ...
    The windows 2008 R2 server has Password Complexity Policy Disabled....
    How do I disable Password Complexity in the Oracle Apex 4.1 it asking me to
    change the admin password on initial loggin after I just changed in SQLPLUS ...
    Another Great New Feature... I can see I'm never going to be able to upgrade pass 10g and 4.02 at
    this rate....
    Thank you....

    See:
    http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21678/adm_mg_service_set.htm#AEADM204
    The first time you have to set a complex password. After changing the settings, you can change it to a simple password.

Maybe you are looking for

  • SPLIT VALUATION - EXT/INT PO Indicator- OMWC

    Hi,      Could someone help me understanding this?      While Configuring Split Valuation, for a Valuation Type I've set the 'EXT PO' indicator as '0' and associated it to a Valuation Category( No default Valuation Type has been set). After associati

  • URGENT PLZ- output

    Dear SAP Guru, I need to reprint some old invoices for salesorganisation ABCD order & delivery related. When I re-select them through transaction VF31 a lot of them go straight to the LOCL printer instead of the spooler & having waiting status. (I ma

  • Currency Symbol displays correctly locally, but not when I deploy to server

    Hi have some number fields, where I set the control hint on the view to Currency format. When I run locally, everything displays properly: $1,234.56 But when I deploy my application to our development server, the $ is coming up as a ¤1,234.56. This h

  • Web Services and JAXRPC serialization encoding

    Hi all. I have written a Web Service starting from the WSDL using wscompile (NetBeans 5.0 feature). The WSDL defines an operation which returns a complex data type which is wrapped by JAXRPC SI in a suitable class package. What I simply do, is to use

  • Is it possible to set a default media player for the iPhone?

    I have a music subscription with another company, therefore all my music is played through their app. When I plug my phone into my car to play music, it always opens iTunes and alerts me there is no music there so I have to open the app and select th