Password policy document for Applicaiton users
Hello All,
Could someone provide any ploicy document ( Metalink Note ) which demonstrates how the pasword should be set in Oracle Applicaitons in 11i and R12
THanks
VInay Varma S
user11381800 wrote:
Hi,
I have written the java code as per the metalink doc : How to Implement (Signon Password Custom) Profile Option in Oracle Applications 11i / R12 [ID 362663.1]
I am able to meet all the requirements, but i need one more.
How to implement 'no repetition of previous 5 passwords' ? because this is outside Java code I am not finding a proper way out.
Also does EBS store your previous passwords in some table to retrieve them and how do i compare the encripted ones ?
Thanks,
Venkatram.This can be achieved using "Signon Password No Reuse" profile option.
How To Keep Track Of FND User Password Changes [ID 844520.1]
How To Setup Password Security? [ID 564125.1]
Thanks,
Hussein
Similar Messages
-
Password Policy implementation for SAP users
Dear Friends,
We are planning to implement the Password Policy for SAP users in our organization...
Here my question is,
Letu2019s say that the Password Policy is implemented today, what will happen to the SAP usersu2019 passwords?
Will they be locked out until they create a new password that follows the policy? Will there be a dialog box that will tell them what the criteria is for new passwords and its the time to change the password?
Thank you,
NikeeHi
Letu2019s say that the Password Policy is implemented today, what will happen to the SAP usersu2019 passwords?
SAP Users password will be intact till it prompts for next password change. Say, 90 Days. (Provided Parameter is not set)
Will they be locked out until they create a new password that follows the policy? Will there be a dialog box that will tell them what the criteria is for new passwords and its the time to change the password?
They will not be locked out until they create a new password that follows the policy (provided parameter is not set), During the time of changing the password they would get a dialog box if they have not met the specified criteria indicating that it should have specific values.
Once the password change prompt appears, in order to login to SAP they are forced to change password with password criteria set, other wise they can not login.
Thanks and Regards
Arun R -
Edit password rules only for BCC user
Hi all,
our customer has requested some changes on the password rules only for BCC users.
So, i should change the follow component:
/atg/userprofiling/passwordchecker/PasswordMinLengthRule
/atg/userprofiling/passwordchecker/PasswordMixedCaseRule
/atg/userprofiling/passwordchecker/PasswordMustIncludeNumberRule
/atg/userprofiling/passwordchecker/PasswordMustIncludeSymbolRule
/atg/userprofiling/passwordchecker/InternalPasswordMustNotIncludeLogin
/atg/userprofiling/passwordchecker/InternalPasswordNotInPreviousNRule
But the component password rules above, should be changed only for the BCC users. How can i do this?
Edited by: user7618461 on 30-set-2011 3.45Hi Christoph,
in your Identity Store, you can use LDAP Server as authentification method (Tab Workflow). You need an attribute which contains the DN of the users and fill out port and host of your directory. That means that the PW can remain in the AD. Just try it, haven't used this possibility yet. You could also use Kerberos via AD instead. These scenarios don't cover your requirement that some might be without an AD account (which is not that common).
Otherwise it's getting difficult again to get all passwords at once from your AD. You have to decrypt the passwords without a key... AD could store a lower encrypted password for NT4, which makes this a bit easier, but still "unesthetic". You get these hashes via SSL and not with the common initial load jobs.
The PW-Hook gets the passwords before they are set. That's why you could store and ecrypt the new passwords in the Identity Store and wait for 1 or 2 months till everyone had to change their password (if you use this policy).
Best regards,
Nils
Edited by: Nils Sibold on Jul 18, 2008 3:10 PM -
Change documents for the user in Ep7.0
Hi,
Is there a way can we track change documents for a user in user admin in AS java stack.We have LDAP sun 5.2 version as the datasource.in ABAP stack we have some thing like in suim the change docs.Thanks.Hi Ambarish,
Please check the Security Logging (.../usr/sap/<SID>/j2ee/cluster/serverX/log/security.log) might helps.
Security audit log - 1278155
Refer to http://help.sap.com/saphelp_nw70/helpdata/EN/03/37dc4c25e4344db2935f0d502af295/frameset.htm
Regards
Arun Jaiswal -
How to set password never expires for a user?
Hello,
I can't seem to find in the Administrative Console a place to enable "Password never expires".
I know that if I edit the USR_PWD_NEVER_EXPIRES field in the OIM DB and put the value '1' it will work.
However, I'd like to know how and if it is possible to activate this option on a user via OIM.
Thanks in advance,
TomicHi,
Now I got it.Try this one.
In FormMetaData.xml you will find.
<Attribute name="-13" variantType="String" dataLength="1" map="Users.Password Never Expires" />
Modify it to.
<Attribute name="-13" variantType="String" dataLength="1" displayComponentType="CheckBox" map="Users.Password Never Expires" />
Add this in.
<Form name="3">
<AttributeReference editable="true" optional="true">-13</AttributeReference>
I never need this but I hope above will work.
About disabling the resource I have few suggestion for you.
1.You can have your password policy consistent across the resources you are integrating in OIM.
2.Write an entity adapter so that when ever password is expired then can disable all provisioned user.
3.Alternatively you can also write a schedule task which will check for password expire date and disable the resource.
4.You will also need to enable the resources when password is changed.You can catch change password event through event handler or entity adapter.
Please let me know if you have fllow up questions.
Regards
Nitesh -
How to embed fonts in document for all users
Hello,
we are using a custom font for our documents. I know it's possible to embed fonts in document when saving.
Is there an option to enforce this setting with a policy?
I cannot find the right policy in the Office Policy templates.
We are using Office 2013 x86.
Thanks in advance.Hi,
Based on my knowledge, the option is document-based, we can't control this on the Policy level.
If your request is to turn on this option for all new created documents. Since all new documents are based on the Normal.dotm template, a workaround is to create a new Normal.dotm template in which this option is checked:
Browse to C:\Users\Username\AppData\Roaming\Microsoft\Templates, open Normal.dotm, tick the option and save it as Normal_1.dotm, save it in the same location.
Then rename the old Normal.dotm to Normal.old, rename Normal_1.dotm to Normal.dotm.
Open Word and create a new blank document, you will see this option is ticked.
To deploy this file for all users, we can write a startup script. The process is like: 1. Remove the old Normal.dotm, 2. Copy the new Normal.dotm template from a network shared location to C:\Users\Username\AppData\Roaming\Microsoft\Templates.
I hope the information is helpful to you.
Regards,
Melon Chen
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs. Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Diferent password expiration days for different users in the same system.
Hi sdn gurus,
We need to configure different password expiration days for different groups of users in the same system.
We know how to configure the system to define a password expiration time for the complete system (parameter login/password_expiration_time), but we must configure some expiration time to a group of users and another expiration time to another one in the SAME system.
Somebody know a way to do this?
Thanks in advance for your help!!!Hi Sunny,
Thanks for your reply!!!
We know the parameter is for the complete system ... but we are trying to find out if exist another way to define diferent passwrod expiration days, to diferent group of users (may be with an additional system parameters or UME configuration).
Thanks to all for your help. -
Shortcut to generate change documents for multiple user id access in ecc 6
hi.
i need to generate a report with changes to user ids within the last month. i dont have access to sap notes. thanksapart from SUIM, you can also refer to below reports
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
regards,
Surpreet -
ORA-01017: invalid username/password; logon denied FOR SYS USER
Hello,
I was usually login through the same password for sys user to log on to the database as sysdba, but last time i used " / as sysdba" to connect using local system administrative account which is connected very well and still connecting in the same way. The initializing parameter file set with the following parameter:
remote_login_passwordfile=EXCLUSIVE
Now if i use to connect the database server remotely using sys user, it gives me "ORA-01017: invalid username/password; logon denied" error and if i use the same login credentials on DB server machine using other local user accounts it is giving me "Insufficient Privilige" error. I can only connect now using local administrator account from DB server machine using " / as sysdba" statement.
Kindly guide me the issue.When you use " / as sysdba" locally on server, you are using OS authentication which will bypass the password file and user/pass authentication.
Looks like you have discrepancy between the password you use and real password. You can login " / as sysdba" and change your SYS password to a new one.
When was last time you successfully login using password? What has changed since then? -
How do I turn off password at login for all users?
I want to keep separate users but I don't want a password requirement to login for any user. How do I turn off the password requirement at login altogether?
Its not only a matter of other people, but also any software-based threats or even mishaps. For instance, there are some Terminal commands that can be executed by a program, script, or even another user that require authentication. If you do not have a password set then these can be executed directly with administrative privileges. Some of these can be disastrous to the system if used incorrectly.
I agree for the most part if your system is fairly isolated then this is not much of an issue, but there is the rare possibility of malware or simple user mistakes that a good password helps guard against. -
Not able to use password with characters for RFC User.
hi All,
I have installed SAP SCM 5.0 with MaxDB 7.6and liveCache 7.6.
I created RFC user and RFC destination to administer liveCache globally as per SAP notes 305634 and 452745. I changed the initial passwords and tested Remote login for RFC User.
But when I try to start liveCache with startrfc following the link below
http://help.sap.com/erp2005_ehp_04/helpdata/EN/95/379f3cad1e3251e10000000a114084/frameset.htm
I got the following error
RFC Call/Exception: SYSTEM_FAILURE
Group Error group 104
Key RFC_ERROR_SYSTEM_FAILURE
Message Name or password is incorrect (repeat logon)
Then I logged into the CI with RFC user and try to start the liveCache with RSLVCSTART T-Code SE38..I got the following error.
Error DBMCLI_COMMAND_EXECUTE_ERROR when starting liveCache LCS on server saplcslc
Message no. LVC007
I tried by changing the password for RFC user to numeric [0-9] and special characters [$,:] which worked fine.
Does anyone faced this issue earlier? I searched notes, sdn and finally google ... but no luck to resolve the issue.
Your help is much appreciated.
Thanks,
VenkatYes I used LCA as liveCache connection. I resolved the issue with RSLVCSTART. Thanks for your suggestion to run connection test. I used wrong password for control user in the LCA connection. Now LCA connection shows everything is fine.
But I am still not able to use alphanumeric password RFC user to start the liveCache from command line. I get the following when run startrfc command...
bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p Mach1cspsap\$ -l EN -F START_LIVECACHE_LVC -E IV_CON_NAME=LCA
RFC Call/Exception: SYSTEM_FAILURE
Group Error group 104
Key RFC_ERROR_SYSTEM_FAILURE
Message Name or password is incorrect (repeat logon)
bash-3.00$ echo $?
1
But I can start the liveCache from command line with numeric password successfully.
bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p 19811983\$ -l EN -F STOP_LIVECACHE_LVC -E IV_CON_NAME=LCA
bash-3.00$ echo $?
0
Note the difference between the passwords used. Do i need to change any settings to accept alphanumeric passwords for RFC user.
Note that I am able to start liveCache server in both cases(alphanumeric password and numeric password) by logging into SAP GUI and RSLVCSTART program. The problem is only when i try to start the liveCache from the commandline.
Any help will be much appreciated.
Thanks,
Venkat -
Users can see documents for all users on the computer?
when I log in to user A and do a search this Mac, it finds all documents even from other users that are supposed to be confidential! How can I change this so that searches only find documents on that user?
HunterGuess you're my Ed Snowden go to guy for this stuff.
I have been naively thinking my confidential stuff was confidential. I don't think my staff have the wherewithal to figure that out and they are too busy and generally good people anyway.
One think I did notice when I was browing the Users from my employees computer: all other Users Documents folder had the RED dash on the folder. The only one missing the red dash was from mine which is the confidential User. I did set my documents folder to NO Access earlier today but no red dash appeared on that folder. Just checked it again after a restart. seems odd.
Thanks very much for your help Barney. -
Any option to set 'Password minimum age' for EBS user
Hi,
Do we have any option in Oracle apps to set the password minimum age? (eg. a password once reset successfully cannot be changed again within a 24 hour window)
Regards,
VijayHi;
Please check below and see its helpful:
Subject: Unable to Change Password when Password Policy Set to Min Age 1 and Next Logon Also Set . Doc ID: 752040.1
Re: Password policy in Oracle E-Business suite - Financials
http://oraclever.blogspot.com/2009/05/password-policies-in-oracle-e-business.html
Regard
Helios -
How can I display the password expiration date for a user
I have created a GUI (using PrimalForms) which runs powershel scripts to pull information like user ID, email address, last logon ec. for the helpdesk to help establish the validity of some user claims of "it worked yesterday" and the like.
I have been asked to add the password expiration date, but I am struggling to get the code for this addition.
Does anyone know how I can include this, and have it in a human readable format?
The current scripts (there are 3) allow the helpdesk staff to search on user ID and display name, the third provides the last logon, it was impossible to include this in the other scripts so I added an extra search button and called it good. An example of
these scripts is below (please note, PrimalForms needs a slightly different syntax in order to get the results displayed, but the core script is standard PS, I use Powershell 3.0)
$results.Text=Get-ADUser -Filter "sAMAccountName -eq '$($EntryBox.text)'" -Properties DisplayName, sAMAccountName, mail, extensionattribute5, PasswordLastSet, PasswordExpired, PasswordNeverExpires, buMemberOf, telephoneNumber, msExchOmaAdminWirelessEnable, whenCreated, whenChanged, enabled, AccountExpirationDate | select givenName, surname, DisplayName, sAMAccountName, mail, extensionattribute5, PasswordLastSet, PasswordExpired, PasswordNeverExpires, buMemberOf, telephoneNumber, msExchOmaAdminWirelessEnable, whenCreated, whenChanged, enabled, AccountExpirationDate | Out-String
$results.Focus()
for info:
$results.text is the window in the GUI results are displayed in
$entrybox.text is the text box the helpdesk staff use to input the user ID or display name of the account they are querying
$results.focus simply tells the script to put the results in the results.text window
The screenshot below shows the current setup, this is purely to put the above information into perspective. Obviously some of the information displayed has been removed/redacted along with our logo.Hi,
Here's an example you can build from:
$maxPasswordAge = 120
Get-ADUser USER -Properties PasswordLastSet |
Select SamAccountName,
PasswordLastSet,
@{N='PasswordLifeRemaining';E={$maxPasswordAge - ((Get-Date) - $_.PasswordLastSet).Days}},
@{N='PasswordExpirationDate';E={(Get-Date $_.PasswordLastSet).AddDays($maxPasswordAge)}}
Don't retire TechNet! -
(Don't give up yet - 13,085+ strong and growing) -
Outlook asking for username and password, but only for some users
Hello, I'm
in an Exchange Server 2013 client
environment, two CAS servers
and two Mailbox.
Some users are having trouble in Outlook 2007
and 2012, which is directly
requesting the user name and password, not all,
just some.
The Active Directory is ok,
DNS and also own Exchange
servers apparently do not see errors.
Has anyone here ever experienced this?
How can I solve this problem?
As this happens only to some users
and the vast majority have no problems, so
difficult to find the cause.
Thank you!
Ivanildo Teixeira GalvãoHi Ivanildo,
From your description, only some users have an issue that Outlook prompts for username and password. In your case, I recommend you compare the normal and problematic Outlook settings. Here is the Outlook settings in my environment for your reference:
1. "Always prompt for logon credentials" isn't checked.
2. Logon network security using Negotiate Authentication.
3. "Connect to Microsoft Exchange using HTTP" is checked.
4. Use the NTLM Authentication when connecting to my proxy server for Exchange.
Hope this can be helpful to you.
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Amy Wang
TechNet Community Support
Maybe you are looking for
-
The project could not be prepared for publishing because an error occurred.
I have just loaded iLife 09 on my MAC. I've edited a movie and now want to export it, put it in iTunes, whatever I can do to move it beyond my laptop. No matter what option I choose under Share I get the same error message, "The project could not be
-
Open module for managing property file and environment variables
Looking for an open module for managing property files and environment variables (like CLASSPATH) set in a shell script. For handeling properties (preserving comments, supporting includes, appending new entries, and more) I have looked at SuperProper
-
Issues with DNG Flat Field Plug-in after installing updates
Hello, First of all many thanks to the Lightroom-team for making the DND Flat Field Plug-in available. I am using it to correct images taken with non-retrofocus M-mount lenses on a Sony NEX-7. I have previously used CornerFix, which worked fine, but
-
Diff between programme BBP_GET_STATUS_2 & CLEAN_REQREQ_UP in SRM7.0
Hi Experts , We have ECC6.04 with SRM 7.0 with Classic Scenarion I am confused over exactly what BBP_GET_STATUS_2 do in SRM ? I believe CLEAN_REQREQ_UP update the SC with follow on document i..e Classic PO.... and BBP_GET_STATUS_2 update the entri
-
MDS Error: unable to create user DBs in /var/folders/...
What does this error mean? I have tons of them in my console. I have also repaired my permissions with Disk Utility, which found nothing in /var. Oct 21 15:29:02 macpro trustevaluationagent[25914]: MDS Error: unable to create user DBs in /var/folders