Initial password expires:Communication Users

Similar Messages

• TMSADM: Initial password expired

  Dear community,
  I've a urgent question, because the SAP support hasn't answered yet and I have got to fix the problem.
  Because of security reasons we changed the following instance Parameters:
  login/password_max_new_valid = 1 (The initial password of new users is only valid on the day of creation)
  login/password_max_reset_valid = 1 (The initial password of an reseted user account is only valid on the day of change)
  Now we have an problem with our Transport Management System (STMS) and the used communication user TMSADM. One day after the change of the parmters we always got an login prompt when we wanted to see the import queue of the systems in transaction STMS. When I start a authority-check in transaction SM59 for the RFC [email protected]_SID Iget the error "The initial password has expired; request a new one".
  Now comes my question. Does anyone know how to fix the problem? I havn't found any solution in the SAP Service Marketplace and the SAP Support only wrote me that I should check the note 761637 and 713622, which don't fit exactly to my problem.
  I'm searching now for an possibility to set an password for an communication or CPIC user. When I set an password in SU01 I can only set an initial password. So does anyone knows how to do? E.g.: when I have an dialog user i can change the password at startup, but how can I change it at an communication user?
  Another posibilty is to run the check of the initialpassword not for the user TMSADM. Is this possible and if yes who can me tell how?
  Please help me, I'm in urgent trouble, because me colleagues are angry about this result of changement.
  Many thanks in advance.
  Michael

  I don't think that it is an good idea to change the password on the database. The values are only saved as hash-values and so it is not possible.
  Further I found a solution on my own to fix the problem. I changed the user type from communiction to dialog and so I set the password in the dialog screen at login.
  After that I changed the user type to communication aggain.
  It works. I've just tested it and the next days I will take the change for our productive system.
  Bye

• How to programmatically set initial password when a user is created in OID

  We are using the odihragent synchronization process to automatically create users in OID when an employee record is created. We would like to set the initial password for the newly created user to their last name + the last 4 digits of their SSN.
  The odihragent process is successfully creating the user in OID and populates the last name and the last 4 digits of the SSN in OID. According to an open SR I have with Oracle, we cannot use the odihragent process to set the initial password because any time the employee record is updated, the synchronization process will reset the password to last name + SSN. They have recommended that we use a pl/sql plug-in to set the password using the WHEN_ADD plug-in procedure.
  I am new to using OID and plug-ins and the examples provided in the Developer's Guide are limited.
  I would like to know if anyone else is using plug-ins or another process to set initial passwords when a user is created? If you are using plug-ins would you be willing to share a code sample?

  I am surprised that I have not received any responses... Surely there are others who are experienced with programmatically setting passwords when new users are programmatically created. Does anyone have any pointers on how to best accomplish this?

• CUA environment - changing the initial password of a user.

  Hi Gurus,
  I've encounter a perculiar issue when I assign an initial password to a user.
  My system setup is based on CUA where my Central admin is client 100, with child client 200.
  - I create an ID in client 100, set it to system 200, set initial password as "passW0rd". Save
  - The ID was created in 200
  - Logged in Client 100 using ID and "passW0rd", prompted for new password (i canceled the login)
  - When back to client 100 CUA, in SU01 I select ID and click "EDIT", under the logon data I retype the initial password to "P4ssword"
  - checked SCUL, it's green and user change
  - Logged in Client 100 using ID and "P4ssword", error in password
  - tried the old "passW0rd", prompted for new password.
  I puzzled why the CUA did not redistribute the changed initial password to client 200, another can any ideas?
  I also tried SU01 and click "reset password" button instead of "edit", the changed password was able to distributed to client 200.
  By password change is ok this way or not ok if change within edit mode?
  Thanks,
  Jansen

  Hi Sergo, 
  Yes I realise the "change password" works but for my case I cannot use that function. Any other suggestions. Cos by right even if I were to change in the logon data it should work right?
  Hi Juan,
  Yes I've checked, the IDOCs are in and successful.

• GRC 10: Initial password for multiple users creation in a ARQ request???

  Hi All,
  I was trying to create a request in ARQ for multiple users. I noticed that, I could add all the necessary required information for multiple users using the template. I added the roles as well. However, I could not set the initial password for multiple users as the tab "User System Details" (where the initial password is provided for a single user) is disabled!!!
  The users were successfully created in the R/3 system. However, due to non-availability of initial password, these users could not log into the R/3 system.
  May I know how to set the initial password for multiple users?
  Regards,
  faisal

  Vit,
  I was trying to test this multiple user creation scenario. But I am surprise to get a template where in I have only below mentioned fields:
  1. User Name
  2. User Id
  3. Email
  I filled these details and uploaded. Then filled the "User Access" details. While submitting the request, I got the error:
  "Last name is not mentioned for user id XXX"
  But there is not such column in provided template by GRC!
  I added 2 columns: First Name and Last Name and saved it and uploaded again. These details are not picked up!
  Following are the only columns shown:
  1. User Name
  2. User Id
  3. Email
  4. Manager
  Out of above, only "Manager" field is editable and others are disabled.
  Last time I remember, I has got complete template with all the columns. Unfortunately, I have deleted it and not available with me now.
  Any idea you have why am I getting such incomplete template?
  Regards,
  faisal

• SAP initial password expired... how to renew it?

  SAP initial password expired... how to renew it?

  hi there
  check with your basis team to renew the password,, or get the help from your team lead( he may have authorization for the SU01) there you can change the Initial password
  Thanks
  Senthil

• Initial password when LDAP user created i SAP?

  Hi,
  I'm about to configure LDAP integration with SAP, where users that exist only on the LDAP server are created in SAP.
  Are any initial passwords automatically set for these users in SAP, or will an administrator have to go in and set an initial password for all created users?
  Thanks, Oscar

  Hi,
  I assume you will use the LDAP synchronization in an ABAP system. Here you have to maintain the fields to be synchronized. The password field is typically not synchronized but you can fill in the logondata hashvalue. I never tried to get the hashvalue out of LDAP because LDAP and SAP may use different hash algorithms. The better way is to set a fixed value in the mapping. You can use SAP functions to maintain the hashvalue.
  Transaction for maintaining the mapping: LDAPMAP.
  Regards
  Rainer

• Communication User Locked..

  Hi All,
  Can you plz provide the information for this problem.
  How does a communication user gets locked & what could be the root cause for that problem?
  Thanks & Regards
  Srinivas K

  Hi Srinivas,
  Reasons for this:
  1) Somebody has changed the password of the communication id
  2) An RFC defined to refer that client has an incorrect password in SM59 for that Comm. id.
  >
  Srinivas K wrote:
  > a) If the password for the communication user has been expired, then do we need to reset it by using SU01?
  >
  Passwords for Communication users do not expire. Yes, SU01 is the way by which you change passwords, even for communication users. As mentioned earlier, its a bad idea changing the password of a Comm. user, as all other RFC's referencing to that client will have to be updated with the correct credentials.
  > b)"Communication users details not changed in all RFC communication configuration"---> I couldnt understand this, so could u plz provide some more information regarding this.
  >
  > Can we get information in ST05, with related to this problem?
  Debug the issue more. Look at the change documents of the Comm. user. See if anyone has changed the password. If not, then there might be a possiblity that some RFC referencing to that client has the incorrect details. ST05 is not what you are looking for. Look at SM20N (AIS) for the details.
  Do not change Comm. users to Service type! Comm. users normally have broad authorization, making it a service id is a heavy risk as SAP GUI access will be opened up!
  You might want to post/move this to the security forum
  Thank you
  Abhishek

• How to set password entered by user in the custom self registration app?

  Hi All,
  I am trying to create a customized self registration page on the portal logon page using Webdynpro JAVA application. Now the problem I am facing is that I am not able to identify how to set the initial password for the user in the portal that is entered by the user while registering through the application.
  I am using the object as:
  IUserFactory userFact = UMFactory.getUserFactory();
  IUserMaint userMaint = userFact.newUser(user);
  I am able to set different parameters such as First Name,Last Name, User Id, Email Id, etc but not the password.
  Any pointers will be highly appreciated.
  Thanks in Advance.
  Regards.
  Rajat

  Hi Rajat Jain,
  Try the below code.
  IUserAccountFactory mAccountFact = UMFactory.getUserAccountFactory();
  IUserAccount userAccount =mAccountFact.getUserAccountByLogonId(login); // Provide login
  IUserAccount muserAccount = mAccountFact.getMutableUserAccount(userAccount.getUniqueID());
  muserAccount.setPassword(oldPassword.trim(), confirmPassword.trim());
  muserAccount.save();
  muserAccount.commit();
  Regards,
  VJR.

• 802.1x Machine Based Authentication - Password expired

  Hi,
  I would like to ask 1 question about machine based authentication on 802.1x.
  1.We are deploying 802.1x on wired user.
  2.Some user are using machine based authentication in order to authenticate their port.
  3.However, after the user password expired, the user need to change their password and then the machine are unable to authenticate. The error i got is "External DB user invalid or bad password". Then switch assign the user to Guest Vlan
  4.But, once i plug out the cable and plug in back the UTP cable after the user login, the switch will assigned the user to proper VLAN.
  5.User wont be able to access their share drive n etc since the guest vlan only have access to the internet.
  5.Anyone have any idea what is happening? It seems that the machine is sending the old password during authentication process to the ACS.
  Anybody can shed a light to me. Thanks.

  This should certainly work with that rev. On your passed (or failed) auth log, you should see the username of the session authenticating. If you see the FQDN of the machine, this is a machine auth. Also, machine-auth typically executes before the GINA is displayed to the user. It sounds like machine-auth is failing and we need to determine why. Has this machine been away from the domain for long?
  This also might help:
  http://supportwiki.cisco.com/ViewWiki/index.php/802.1x_authentication_with_Cisco_Secure_Access_Control_Server_fails_to_work_for_Microsoft_Windows_XP_PC

• Changing initial password on CompanyPortal

  Hi experts,
  User calls the reports on the Intranet-Portal.
  I created a user just new.
  I thought by first login, system should ask to change Initial Password.
  If user make his/her first login over the Intranet portal, it does not ask to change the initial password.
  Do you know how to set up this ?
  Thanks.

  I think you would be using the same userid for all the applications in the intranet.
  if you are resetting the password, then you have to follow the same password in other applications in the intranet...
  i think, this is not practice to change/reset the password always in the intranet portal.
  I am not sure, how much feasible it is..
  Hope this would help you.

• Communications user password expires

  Hi,
  The password of our  communications user (ZCONTRANS) always expires/deactivated.
  How can I set tha password of this particular user not to expire? 
  We could not chage the login/password_expiration_time parameter because we need dialog users password to expire every 90 days (for audit requirement).
  thanks,
  kbas

  HI,
  use the usertype 'SYSTEM' instead of usertype 'Communication'. Passwords of 'System'-users do not
  expire. (the usertype can be set in SU01->tab 'logondata')
  b.rgds, Bernhard

• Capturing the Message on the Login Page (Invalid user/password expired etc.

  Hi, I have a requirment for capturing the error message on the Login page if the User's Account is expired or Account is Disabled or Invalid credentials, Password Lockout etc.
  I am using the attached login page. Can any one please help me out on this.
  <html><head><title>AARPLogin Page</title>
  <script type="text/javascript" language="JavaScript" xml:space="preserve">
  // This function automatically gets called for broswer detection
  var isNav4 = false;
  var isIE4 = false;
  var isNS6 = false;
  function obDetectBrowser()
  if ( navigator.appVersion.charAt( 0 ) == "4" )
  if ( navigator.appName == "Netscape" )
  isNav4 = true;
  } else {
  isIE4 = true;
  else
  if ( navigator.appVersion.charAt( 0 ) >= 5 )
  if ( navigator.appName == "Netscape" )
  isNS6 = true;
  obDetectBrowser ();
  var HOSTNAME =
  var COOKIE_OBREQUESTEDURL = "OBREQUESTEDURL";
  var COOKIE_OBFORMLOGINCOOKIE = "ObFormLoginCookie";
  var NCID_LANDING_PAGE_URL = "/landing/";
  var QS_REDIR = "ReDir";
  var keyChooser;
  function checkPasswordEnterKey( event )
  var form = document.forms[0];
  if (isNav4 || isNS6) {
  keyChooser = event.which ;
  } else if (isIE4) {
  keyChooser = window.event.keyCode;
  if (keyChooser == 13) {
  if (
  form.userid.value
  && form.userid.value != ""
  && form.password
  && form.password.value != ""
  form.submit();
  return true;
  else
  alert('Please enter a UserId and Password');
  return false;
  function showHidePanel( panelID, displayValue )
  var panelElement = document.getElementById( panelID );
  if ( displayValue == 'show' )
  panelElement.style.display = 'block';
  else
  panelElement.style.display = 'none';
  function getQueryVariable( variable )
  var query = window.location.search.substring( 1 );
  var vars = query.split( "&" );
  for ( var i=0; i < vars.length; i++)
  var pair = vars[ i ].split( "=" );
  if ( pair[ 0 ] == variable )
  return unescape( pair[ 1 ] );
  return "";
  function Get_Cookie( name )
  var nameEQ = name + "=";
  var ca = document.cookie.split( ';' );
  for( var i=0; i < ca.length; i++ )
  var c = ca[ i ];
  while ( c.charAt( 0 )==' ' )
  c = c.substring( 1, c.length );
  if ( c.indexOf( nameEQ ) == 0 )
  return c.substring( nameEQ.length, c.length );
  return null;
  function Set_Cookie( name, value, expires, path, domain, secure)
  document.cookie = name + "=" + escape( value ) +
  ( ( expires ) ? ";expires=" + expires.toGMTString() : "" ) +
  ( ( path ) ? ";path=" + path : "" ) +
  ( ( domain ) ? ";domain=" + domain : "" ) +
  ( ( secure ) ? ";secure" : "" );
  function Delete_Cookie( name, path, domain )
  if ( Get_Cookie( name ) )
  document.cookie = name + "=" +
  ( (path) ? ";path=" + path : "" ) +
  ( (domain) ? ";domain=" + domain : "" ) +
  ";expires=Thu, 01-Jan-1970 00:00:01 GMT";
  function lostPassword()
  var CurrentLogin = document.forms[0].userid.value;
  if ( CurrentLogin == "" ) {
  alert ( "Please enter your eMail Address." );
  document.forms[0].userid.focus();
  else {
  Set_Cookie( COOKIE_OBFORMLOGINCOOKIE, "done", 0, "/" );
  var LOST_PWD_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=passwordChallengeResponse&login="+CurrentLogin+"&backUrl=http://oradev2.na.aarp.int/login/login.html&target=top";
  window.location = LOST_PWD_PAGE;
  function emailPassword()
  document.passform.submit();
  function onLoad()
  if (getQueryVariable( "MSG" ) == 'LOGIN_FAILED' )
  alert ("Login Failed, Please try again");
  else if (getQueryVariable( "MSG" ) == 'PWD_EXP' )
  alert ("Your Password Is About to Expire. Please Change it at your earliest convenience.");
  var pwdExpUID = getQueryVariable( "login" );
  var hostTarget = getQueryVariable( "hostTarget" );
  var resURL = getQueryVariable( "resURL" );
  var PWD_EXP_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+pwdExpUID+"&backURL="+hostTarget+resURL+"&target=top";
  window.location = PWD_EXP_PAGE;
  else if (getQueryVariable( "MSG" ) == 'CHGPWD' )
  alert ("You are required to change your password.");
  var chgPwdUID = getQueryVariable( "login" );
  var hostTarget = getQueryVariable( "hostTarget" );
  var resURL = getQueryVariable( "resURL" );
  var CHG_PWD_PAGE = "http://"+HOSTNAME+"/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+chgPwdUID+"&backURL="+hostTarget+resURL+"&target=top";
  window.location = CHG_PWD_PAGE;
  </script></head><body onload="onLoad();document.login.userid.focus();" alink="blue" bgcolor="#ffffff" link="blue" vlink="blue">
  <p align="center">
  <img alt="AARP Header Logo" src="login_files/aarpLogo.gif" border="0" height="91" width="219">
  <br>
  </p><form name="login" method="post" action="/access/oblix/apps/webgate/bin/webgate.so">
  <div class="boldText" align="center">
  <h2>Login</h2>
  <div class="boldText" align="left">
  <div id="LoginFailed" style="display: none;">
  <table align="center" bgcolor="#ff0000" border="0" cellpadding="2" cellspacing="0" width="500">
  <tbody><tr>
  <td>
  <table bgcolor="#e5e5e5" border="0" cellpadding="5" cellspacing="0" width="100%">
  <tbody><tr bgcolor="#ffffff">
  <td rowspan="3" height="40" nowrap="nowrap" valign="top">
  <img src="login_files/error.gif" name="error" height="20" width="20">
  </td>
  <td rowspan="3" align="center">
  <p>
  <font color="#ff0000" size="-1">
  <b>
  <div id="TryAgain" style="display: none;">Login Failed! Invalid UserID and/or Password, Please try again.<br></div>
  <div id="AccountLocked" style="display: none;">Your Account has been Locked!</div>
  </b>
  </font>
  </p>
  <p>
  <font color="#ff0000">
  <b>For
  assistance call E-Services Help Line at (XXX) XXX-XXXX Monday through
  Friday between the hours of 8:00 am and 5:00 pm eastern standard time.</b>
  </font>
  </p>
  </td>
  </tr>
  <tr bgcolor="#ffffff">
  </tr><tr bgcolor="#e5e5e5">
  </tr></tbody></table>
  </td>
  </tr>
  </tbody></table>
  </div>
  <br>
  </div>
  <table border="0" cellpadding="0" cellspacing="0" width="500">
  <tbody><tr>
  <td background="login_files/border_upper_left.gif" height="20" nowrap="nowrap" width="20"> </td>
  <td background="login_files/border_top.gif" height="20" nowrap="nowrap"> </td>
  <td background="login_files/border_upper_right.gif" height="20" nowrap="nowrap" width="20"> </td>
  </tr>
  <tr>
  <td background="login_files/border_left.gif" nowrap="nowrap" width="20"> </td>
  <td>
  <table bgcolor="#ebebce" border="0" cellpadding="2" cellspacing="0" height="100%" width="100%">
  <tbody><tr>
  <td colspan="3" align="center">
  <font color="darkred" face="Arial" size="3">
  <b>
  </b></font>
  <b> </b></td>
  </tr>
  <tr valign="bottom">
  <td colspan="3" width="100%">
  <table bgcolor="#ebebce" border="0" cellpadding="5" cellspacing="0" width="100%">
  <tbody><tr bgcolor="#e5e5e5">
  <td rowspan="2" bgcolor="#ebebce" height="20" nowrap="nowrap" valign="top" width="4%">
  <font color="#000000">
  <span class="text">
  <img src="login_files/arrow.gif" align="top" height="20" width="20">
  </span>
  </font>
  <font color="#000000"> </font>
  </td>
  <td rowspan="2" bgcolor="#ebebce" width="96%">
  <font color="#000000" size="-1">
  <span class="text">Please enter your Email and Password. If you are a new user to AARP, please select First Time AARP User.
  </span>
  </font>
  </td>
  </tr>
  <tr bgcolor="#e5e5e5">
  </tr></tbody></table>
  </td>
  </tr>
  <tr valign="bottom">
  <td colspan="3">
  <table align="center" border="0" width="349">
  <tbody><tr>
  <td nowrap="nowrap" width="74">
  <font color="#000000" size="-1">
  <div align="left">eMail:</div>
  </font>
  </td>
  <td width="265">
  <input name="userid" value="" size="32" maxlength="32" tabindex="2" type="text">
  </td>
  </tr>
  <tr>
  <td>
  <font color="#000000" size="-1">
  <div align="left">Password:</div>
  </font>
  </td>
  <td>
  <p>
  <font color="#000000" size="-1">
  <input name="password" size="32" maxlength="32" length="30" tabindex="3" type="password">
  </font>
  </p>
  </td>
  </tr>
  </tbody></table>
  </td>
  </tr>
  <tr>
  <td>
  <font color="#000000" size="-1">
  <p align="center"><b>Forgot Your Password?</b></p>
  </font>
  </td></tr>
  <tr>
  <td align="center"> <font color="#000000" size="-1"><!--
  Reset Password      
  -->
  Email New Password
  </font>
  </td></tr>
  <tr>
  <td colspan="4">
  <div class="boldText" align="center">
  <br>
  <input src="login_files/button_login.gif" name="Submit" value="" alt="login" type="image">
  <!--
  <b class="boldText"><img src="../images/button_login.gif" width="68" height="25" name="img_login" border="0" alt="login"/></b>
  --> <b class="boldText"><img src="login_files/button_clear.gif" name="img_clear" alt="clear" border="0" height="25" width="68"></b>
  <b class="boldText"><img src="login_files/button_help.gif" name="img_help" alt="help" border="0" height="25" width="68"></b>
  <b class="boldText"><img src="login_files/button_cancel.gif" name="img_cancel" alt="cancel" border="0" height="25" width="68"></b>
  </div>
  </td>
  </tr>
  </tbody></table>
  </td>
  <td background="login_files/border_right.gif" nowrap="nowrap" width="20"> </td>
  </tr>
  <tr>
  <td background="login_files/border_lower_left.gif" height="20" nowrap="nowrap" width="20"> </td>
  <td background="login_files/border_bottom.gif" height="20" nowrap="nowrap"> </td>
  <td background="login_files/border_lower_right.gif" height="20" nowrap="nowrap" width="20"> </td>
  </tr>
  </tbody></table>
  <p></p>
  <span class="text"><br><br><b>NOTICE:
  This system is the property of AARP and is for authorized use only.
  Unauthorized access is a violation of federal and state law. All
  software, data transactions, and electronic communications are subject
  to monitoring.</b></span>
  <div id="hr" style="position: absolute; width: 100%; height: 10px; z-index: 90; top: 657px; left: 10px;">
  <hr>
  </div>
  <div id="footer" style="position: absolute; width: 700px; height: 55px; z-index: 115; top: 678px; left: 50px;">
  <span class="subhead">
  Privacy Policy
  Disclaimer
  Contact Us
  </span>
  <span class="bodytext">
  </span></div>
  <form name="passform" action="http://oradev2.na.aarp.int/wampassword/passwordReset.html" method="post">
  <input name="login" value="" type="hidden">
  <input name="backUrl" value="http://oradev2.na.aarp.int/login/login.html" type="hidden">
  </form>
  <script type="text/javascript" language="JavaScript" xml:space="preserve">
  var undefined;
  if (
  document.login
  && document.login.password
  function clearForm()
  document.login.reset();
  function navigate( linkName )
  if ( 'login' == linkName )
  if ( document.accountLogin.userID.value != '' && document.login.password.value != '' )
  alert('Please click the Account Registration Setup link for now');
  //document.location = 'userDataPersonal.htm';
  else
  alert('Please enter a UserId and Password');
  function openHelp()
  helpDoc = window.open( "http://www.aarp.org", "", "scrollbars=yes,resizable=yes,width=500,height=300" );
  function cancel()
  // open dialog
  var initX = parseInt( window.screenX ) + parseInt( window.outerWidth ) / 2 - 100;
  var initY = parseInt( window.screenY ) + parseInt( window.outerHeight ) / 2 - 50;
  cancelDialog = window.open( "./cancelDialog.html", " cancelDialog", "resizable=yes,toolbar=no,menubar=no,width=200,height=150,screenX=" + initX +",screenY=" + initY );
  </script>
  </div></form></body>
  <script type="text/javascript">
  <!--
  function __RP_Callback_Helper(str, strCallbackEvent, splitSize, func){var event = null;if (strCallbackEvent){event = document.createEvent('Events');event.initEvent(strCallbackEvent, true, true);}if (str && str.length > 0){var splitList = str.split('|');var strCompare = str;if (splitList.length == splitSize)strCompare = splitList[splitSize-1];var pluginList = document.plugins;for (var count = 0; count < pluginList.length; count++){var sSrc = '';if (pluginList[count] && pluginList[count].src)sSrc = pluginList[count].src;if (strCompare.length >= sSrc.length){if (strCompare.indexOf(sSrc) != -1){func(str, count, pluginList, splitList);break;}}}}if (strCallbackEvent)document.body.dispatchEvent(event);}function __RP_Coord_Callback(str){var func = function(str, index, pluginList, splitList){pluginList[index].__RP_Coord_Callback = str;pluginList[index].__RP_Coord_Callback_Left = splitList[0];pluginList[index].__RP_Coord_Callback_Top = splitList[1];pluginList[index].__RP_Coord_Callback_Right = splitList[2];pluginList[index].__RP_Coord_Callback_Bottom = splitList[3];};__RP_Callback_Helper(str, 'rp-js-coord-callback', 5, func);}function __RP_Url_Callback(str){var func = function(str, index, pluginList, splitList){pluginList[index].__RP_Url_Callback = str;pluginList[index].__RP_Url_Callback_Vid = splitList[0];pluginList[index].__RP_Url_Callback_Parent = splitList[1];};__RP_Callback_Helper(str, 'rp-js-url-callback', 3, func);}function __RP_TotalBytes_Callback(str){var func = function(str, index, pluginList, splitList){pluginList[index].__RP_TotalBytes_Callback = str;pluginList[index].__RP_TotalBytes_Callback_Bytes = splitList[0];};__RP_Callback_Helper(str, null, 2, func);}function __RP_Connection_Callback(str){var func = function(str, index, pluginList, splitList){pluginList[index].__RP_Connection_Callback = str;pluginList[index].__RP_Connection_Callback_Url = splitList[0];};__RP_Callback_Helper(str, null, 2, func);}
  //--></script></html>

  Is it not possible that someone fired the password expiration cmd ?
  SQL> select limit
    2  from   dba_profiles
    3  where  profile='DEFAULT'
    4  and resource_name='PASSWORD_LIFE_TIME';
  LIMIT
  UNLIMITED
  SQL> select profile from dba_users where username='MYUSER';
  PROFILE
  DEFAULT
  SQL> conn myuser/myuser
  Connected.
  SQL> conn / as sysdba
  Connected.
  SQL> alter user myuser password expire;
  User altered.
  SQL> conn myuser/myuser
  ERROR:
  ORA-28001: the password has expired
  Changing password for myuser
  New password:
  Password unchanged
  Warning: You are no longer connected to ORACLE.
  SQL> conn / as sysdba
  Connected.
  SQL> select name, astatus, TO_CHAR(ctime,'DD-MM-YYYY HH:MI') CTIME, TO_CHAR(ptime,'DD-MM-YYYY HH:MI') PTIME, TO_CHAR(EXPTIME,'DD-MM-YYYY HH:MI') EXPIRE
    2  from sys.user$ where name ='MYUSER';
  NAME
     ASTATUS CTIME
  PTIME
  EXPIRE
  MYUSER
           1 23-11-2011 11:15
  23-11-2011 11:15
  23-11-2011 11:17
  SQL>Nicolas.

• JCO authentication through communication user password expiry problem

  Hi,
  We are using communication user for accessing our metadata. As per help.sap.com the authorizations for this user must be set in the backend so that this user can access all DDIC function modules.I have doubts as follows
  1. What are the Roles in R/3 we need to assign to the user to access DDIC function modules.
  2.As per our company IT policy, The default settings in R/3 for change of initial password is 3 days. After 3 days the password gets expired? Which user are we supposed to use for jco Communication user, system user, or service user? plz clarify.
  Regards,
  Sreeram

  Hi Sreeram,
  For the JCo user for defining the metadata can be a service user. with jsf communication authorization.
  hope this helps
  -Madhu

• Communication user is not requested change password

  Hi
  We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
  How can this be? Shouldn't communication users be forced to change the password?
  In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
  Thank you for your help.
  Regards, Morten

  >
  Morten Ellgaard wrote:
  > Hi
  >
  > We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
  >
  > How can this be? Shouldn't communication users be forced to change the password?
  >
  > In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
  >
  > Thank you for your help.
  >
  > Regards, Morten
  Well, that's a common misunderstanding:
  accounts of type "COMMUNICATION user" are subject of password expiration - however the password change requirement is not enforced (since the server cannot interact with the user). Actually that's not mainly caused by the user type but by the communication protocol being used: RFC and HTTP allow both, interactive and non-interactive system usage. Only the DIAG protocol (used by SAPGUI) ensures that an interaction with the user is possible - and in this case the system is enforcing a password change (when required).
  Note 622464 provides an overview on the user types and the ability / requirement to change passwords (and other impacts).
  Side-remark: modifying the USR02 field would not have any impact on the password change handling (beside the fact that such direct table manipulations are risky and strongly discouraged).
  As reported by other SDN community members (and stated in note 320991, quite at the end) there are some profile parameters that will cause RFC and HTTP based logon to fail for passwords which are expired / initial. Setting those profile parameters will result in a downwards-incompatible system behavior - for this reason the default setting is "off".
  Indeed, if you intend to use "technical accounts" for (automated) system-to-system communication, then kindly use the user type "SYSTEM". In that case, the password is neither "expired" nor "initial" - no password change is required nor can it be performed by the SYSTEM user itself. Only an user administrator can set a new password (in systems as of NWAS 7.0: even a downwards-compatible one - despite the password policy, see notes referenced by note 622464).