Forcing a user's password to be expired

Similar Messages

• Exempt UME user for password expiration

  Is there a way to exempt a user from the password expiration setting? For example, passwords for all users are set to expire every 90 days, but a user id, say "monitor_user", is used in monitoring application to perform an automated logon check. Every 90 days when the password expires, the monitor fails. Is there a way to set this user's password not to expire?
  Thanks

  Glen and Giorgio,
  Let me see if I can clear things up a little bit.
  First, there is the security policy which is controlled by the UME properties. This defines password length, logon ID length, etc. These properties apply to the entire AS Java and cannot be trimmed down for individual users. How they apply to users in different data sources also varies. For example, these properties are ignored to some extent if you have an ABAP system as your user store. See the following link:
  http://help.sap.com/saphelp_nw04s/helpdata/en/7f/c52442ad9f5133e10000000a155106/frameset.htm
  Second, as of NW 04s SPS 7 a new user attribute was added, named "security policy". For individual users you can choose one of the following security policies:
  default users (user can logon, password rules apply)
  technical users (user can logon, password does not expire)
  internal service users (user cannot logon, usually do not have passwords)
  There is a fourth policy: unknown users, applies to certain users mapped from an AS ABAP.
  In SPS 7 I believe and latest in SPS 8, you have limited abilities to change the security policy of the user with identity management. You can change the policy from unknown or default to technical but not back.
  In SPS 9 and later you can change the policy from unknown or default to technical and from unknown or technical to default.
  I wonder if support misunderstood your question and thought you were referring to the first type of security policy and not the second.
  Message was edited by: Michael Shea

• View user's password  attributes

  Hi everyone. I have been searching high and low for an answer to this, and as of yet I have not been able to find anything. Pretty much I am looking for the ldapsearch command to allow me to see when a user's password will be expiring. I am using DSEE 6.3. Any help with this would be appreciated it.
  thanks,
  John
  Edited by: edsrixix on Jul 8, 2009 9:46 AM

  If you're using the default DS5-compat password policy mode, then the attribute you want is passwordexpirationtime. This has to be specifically requested in the ldapsearch.
  [http://docs.sun.com/app/docs/doc/820-2767/passwordexpirationtime-5dsat|http://docs.sun.com/app/docs/doc/820-2767/passwordexpirationtime-5dsat]
  If you are using the DS6-migration mode or the DS6-mode, then you should look at pwdchangedtime in the user's entry coupled with pwdmaxage in the password policy to figure out the expiry date.
  [http://docs.sun.com/app/docs/doc/820-2767/pwdchangedtime-5dsat|http://docs.sun.com/app/docs/doc/820-2767/pwdchangedtime-5dsat]
  [http://docs.sun.com/app/docs/doc/820-2767/pwdmaxage-5dsat|http://docs.sun.com/app/docs/doc/820-2767/pwdmaxage-5dsat]
  You can check which password mode you are in by running:
  $ dsconf get-server-prop pwd-compat-mode

• How to set database user password to never expire

  Hello all,
  I have a linux server with Oracle 11g installed which is used primarily for testing by a few developers and QA folks. I want to set the DB user password to never expire. I have run the following (which works on a windows machine) but the password still states that it will expire in 7 days. Is there something else I can do to 'force' the pw to infinity? I've tried stopping shutting down the DB, stopping / restarting listener...
  ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
  select * from dba_profiles where profile = 'DEFAULT' and resource_name LIKE 'PASSWORD_LIFE_TIME';
  "PROFILE"     "RESOURCE_NAME"     "RESOURCE_TYPE"     "LIMIT"
  "DEFAULT"     "PASSWORD_LIFE_TIME"     "PASSWORD"     "UNLIMITED"
  select profile from dba_users where username='TEST';
  "PROFILE"
  "DEFAULT"
  select username, account_status, to_char(expiry_date, 'DD-MM-YYYY') EXP_DATE from dba_users where username = 'TEST';
  "USERNAME"     "ACCOUNT_STATUS"     "EXP_DATE"
  "TEST"     "OPEN"     ""
  Help appreciated.

  With 11g, Password_life_time in DEFAULT profile is set to 180days.
  Default profile values in 11g.
  SQL> SELECT * FROM dba_profiles WHERE profile = 'DEFAULT' AND resource_type = 'PASSWORD';
  PROFILE                        RESOURCE_NAME                    RESOURCE
  LIMIT
  DEFAULT                        FAILED_LOGIN_ATTEMPTS            PASSWORD
  10
  DEFAULT                        PASSWORD_LIFE_TIME               PASSWORD
  180
  DEFAULT                        PASSWORD_REUSE_TIME              PASSWORD
  UNLIMITED
  PROFILE                        RESOURCE_NAME                    RESOURCE
  LIMIT
  DEFAULT                        PASSWORD_REUSE_MAX               PASSWORD
  UNLIMITED
  DEFAULT                        PASSWORD_VERIFY_FUNCTION         PASSWORD
  NULL
  DEFAULT                        PASSWORD_LOCK_TIME               PASSWORD
  1
  PROFILE                        RESOURCE_NAME                    RESOURCE
  LIMIT
  DEFAULT                        PASSWORD_GRACE_TIME              PASSWORD
  7
  7 rows selected.Change the password_grace_time to unlimited.
  HTH
  -Anantha

• Force all users to change their Enterprise passwords with a batch operation

  Hello,
  Do you know if there is a way to force all users to change their Enterprise passwords with a batch operation in the SDK? Is there any implementation done?
  Many thanks!
  Bea

  You can logon to Enterprise as Administrator in your SDK application. Query all users using following query:
  select * from ci_systemobjects where si_kind='user'
  then loop through the collection InfoObjects returned and cast east object to IUser.
  Either call setPasswordToChangeAtNextLogon(true) so that the user logs on next time will be forced to change his\her password. Call commit on InfoObjects collection at the end to save the changes.
  Otherwise you can call setNewPassword("new password") to reset password for that user.
  Depending upon number of users you can do bath commit. You can use commit(infoObjects,true). The 2nd argument is true for batch commit.

• How can a user that uses a Remote Deskop Gateway reset their password if it expired?

  Right now when a Remote Desktop Gateway user's password expires, the gateway server does not prompt them to change it. Instead, it just doesn't allow them to connect to their machine.
  How can a remote user reset their expired password if they use a Remote Desktop Gateway to initiate the remote session?

  Hi,
  Just to extend on Armin's points,
  If VPN access would be available, using AD authentication would still not allow you access if the password needs changing. If using a VPN, you would not need a gateway as you will connect to
  the LAN in most instances.
  The RDWeb site would need to be used in conjunction with the gateway if you are not using a VPN. The RDWeb and Gateway Roles can be installed on the same server simplyfing the deployment.
  As Armin has suggested, i would recommend that you look at Password reset from the RDWeb interface or look at a identity management product Like FIM 2010 R2 which provided a Password reset
  feature that can be published exernally.
  Best regards,
  Ryan Mangan | Ryanmangansitblog.wordpress.com | Help keep the forums tidy, if this has helped please mark it as an answer

• List all users whos password has expired

  Hi,
  Is it possible to list all users whos password has expired in the R\3 system?
  Thanks in advance,
  Aviad

  You can use program RSUSR200.
  On selection screen in block 'Selection by status of the password' select only 'Users with inactive passwords' checkbox.

• Production site is not functioning due to an User Login Password expire.

  Hi All,
  SQL Server 2005
  We have an issue with user login password expire. Generally we create logins without password expire but the user is unable to login to the server and getting password expire error.
  a) What would be the reasons behind this scenario.
  b) How to resolve this issue.
  c) How can we avoid this issue in future.
  I'm really grateful to your valuable suggestions on this. Thank You.
  Regards,
  Kalyan.
  ----Learners Curiosity Never Ends----

  Hi,
  In addition, you can use
  ALTER LOGIN (Transact-SQL) to configure the enforcement of password policy options of a SQL Server login.
  When CHECK_POLICY is changed to OFF, CHECK_EXPIRATION will also be set to OFF. The following combinations of policy options are not supported:
  If MUST_CHANGE is specified, CHECK_EXPIRATION and CHECK_POLICY must be set to ON. Otherwise, the statement will fail.
  If CHECK_POLICY is set to OFF, CHECK_EXPIRATION cannot be set to ON. An ALTER LOGIN statement that has this combination of options will fail.
  More information, please see policy enforcement section in the following TechNet article:
  http://technet.microsoft.com/en-us/library/ms161959.aspx
  Thanks.
  Tracy Cai
  TechNet Community Support

• Is there a way to alert user about password expiration

  Hi,
  Can we set up some trigger in OIM to kick off a task (or an email notification) x number of days before the user's password expires?
  Any help is appreciated.
  Thanks

  Sure.
  A scheduled task that reads the USR_PWD_EXPIRE_DATE from the USR table.
  You should also be able to read the value using the findUsers API from tcUserOperationsIntf.
  Good luck
  Martin

• Forcing Windows Users to Reset Their Passwords when accessing server

  If I set a Windows user's password to "be changed at next login", then hop on to \\our.servers.ip.address\ the user is never prompted for a password and instead is told that the login failed. However, I can hop on a Mac and login with the same username and will be instantly prompted to fill out a new password.
  Is there a way to get Windows to play nicely with this?
  The server uses OD, but the server does not serve as a PDC. And I have no need to bind our laptops. Is it possible to get this to work with the current setup? I imagine not, but I'm optimistic today.
  Clarified a few things.

  I setup the server as a PDC, but even then the same hiccup is encountered. It won't let the user set a new password but rather denies the login completely.

• File Adapter - anonymous login (or )User name ,password login - Efficient?

  Hi Folks,
  In File Adapter processing , anonymous login (or) proper user name password based login is recommended ?
  Because we have faced many issue while using username based login in File adapter  .
  Which one is best ?
  Regards.,
  Shiva

  Hi Shiva ,
  We will go one by one :
  You can go for the Anonymous login  but the problem is the any body can access the FTP server and it is not the secure one,that is why business generally don't allow the Anonymous login.
  Coming to Proper user name password login ,I would advice you to use this one as the connection is more secure in this case.But this also comes with a problem that the username password generally expires after some time as per security policy and you have to change the username password for the FTP server as well as in File adapter which you are using.But this problem can be solved by going for a permanent username and password.
  I would recommend you to go for Proper user name and password.
  Regards
  Ravi Anand
  Edited by: Ravi Anand@85 on Mar 12, 2010 7:56 AM

• User Account Password Resetting

  Hi All,
  I have an issue on one site running 10.4.9 server on an Intel XServe where one individual user account continually has the password reset, meaning that she cannot logon.
  Previously on this server I had the issue with the Password Service crashing everytime a user was created which seems to have been fixed with the update of 10.4.9, however this user still continues to be a problem
  There seems to be no reason for the account resetting, the server has not been rebooted for it to happen, nothing in the system log shows anything abnormal.
  A few weeks back I tried deleting the user account and re-creating her which worked for a few days and then it happened again.
  Following the 10.4.9 install I have deleted her account and created her again with a brand new SID and that worked a treat for a week, and then yesterday it happened again.
  We are now having to manually reset her password every few days so that she can logon to the system. She is the only user affected and I have disabled the complexity requirements for passwords in the Open Directory Service.
  If anyone has any thoughts/ideas on what could be causing this then please let me know.
  Cheers,
  PJR

  I know we've got an answer, but I wanted to throw in another permutation I came across. This applies to people running OS X Server in the "magic triangle" configuration, where authentication is handled by something other than OS X Server (eDirectory, in my case.)
  I'd try to log in to an account and the login window would shake at me. Go in to workgroup manager, reset the password, try again and it works. However the next time I try to log in I'll get the same error.
  This puzzled me for a minute, but it was the regularity of the behavior that tipped me off. The problem is simply that the user's password has expired, and the message doesn't make it through to the Macs. Maybe it does with Active Directory (anyone?) and maybe there's an LDAP binding to make it work with eDirectory (anyone again?) Likewise, maybe there's a binding that will let eDirectory know that WGM changed the password. In any case, that was the problem and the solution was simply to change my password using the Novell client on a Windows box.
  There, maybe that'll help someone out in a very specific situation...

• Problem in creating users with password restrictions

  I have enabled the following option in the Authentication>Enterprise tab of CMC.
  Must contain at least N Characters and specified N as 7
  Enforce mixed-case passwords
  However I am able to create user with password as abcd.
  Please suggest.
  Thanks in Advance

  I might be missing something but the rule applies to users changing their pw not administrators creating accounts. If the administrator sets this rule it would be thought/assumed that they would enforce their own rule when creating accounts. The users however should not be able to select 4 character passwords.
  I'll run some tests and see if I find out anything different.
  Tested this on XIR2 SP4 and XI 3.0 The rules apply to the user not the administrator creating the account.
  So create an account while the 7 character pw is enabled. By default the user logs in with the pw (any amount of characters) and is prompted to change their pw. They cannot choose anything less than 7 characters. So unless an administrator creates an account with a password less than 7 characters AND deselects the option to force a pw change. All new users will be forced to select a 7 character password.
  This is by design. If it forced the administrator to create accounts without a 7 character pw they could simply deselect the options(as administrators) so there is no security in forcing this.
  Regards,
  Tim
  Edited by: Tim Ziemba on Aug 13, 2008 5:28 PM
  Edited by: Tim Ziemba on Aug 13, 2008 5:33 PM

• Users specific password management

  Hello there,
  Can anyone tell me if there is any way  to unset password expiry period
  for a specific user.What i want is that a particular user's password never expires.
  This i want only for one user and not for all.
  Thanks
  Sumit

  Hello Sudesh,
  It is possible to set a non expiring password for a specific user. For this the field BCDA1 of the table USR02 table has to be changed to a faroff date say 31.12.2010 or like.
  This cant be done via sap Tcode se11/se16 etc as to change the value of the field it will ask you for the access key.
  The otherway to do this is to do this from the database level ie from sql prompt in case or Oracle database.
  For this go as follows:
  go to cmd prompt
  sqlplus /nolog
  conn /as sysdba
  update sap<id>.usr02 set BCDA1 = '20101231' where BNAME ='ABCD';
  commit;
  for example:
  update sapd01.usr02 set BCDA1 = '20101231' where BNAME = 'BASIS';
  commit;
  This will solve your purpose.
  Dont forget to award point if solved.
  Regards

• User Profile Password Setting

  Hi Gurus,
  My oracle version is Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit on AIX machine.
  My client requirement is to set the users profile expiry_date to *31/12/2099* .
  The user accounts are going to expire on month of APRIL i.e *04-APRIL-13* but now my clients want to extend user expiry date *04-APRIL-13* to *31/12/2099*
  How to set this expiry date to *31/12/2099* , any idea?
  Thanks,
  Meena

  Meenakshy singh wrote:
  Hi Gurus,
  My oracle version is Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit on AIX machine.
  My client requirement is to set the users profile expiry_date to *31/12/2099* .
  The user accounts are going to expire on month of APRIL i.e *04-APRIL-13* but now my clients want to extend user expiry date *04-APRIL-13* to *31/12/2099*
  How to set this expiry date to *31/12/2099* , any idea?
  Thanks,
  MeenaYou can't set a specific expiration date, only a password lifetime. But given the target date ... 31 dec 2099 .. isn't even within the life expectancy of anyone on this board, I'd expect the person who stated that requirement really wants passwords to never expire. So, password_lifetime=unlimited.