Profile parameter for to change password

Similar Messages

• Configuring profile parameter for a table lock object

  Hi Experts-
    I want to set the 'wait time' (_WAIT) parameter as a profile parameter for a table lock object.
    I have created a lock object on a ZTable. I lock and unlock this object in exclusive non-cumulative mode through the enqueue and dequeue lock object function modules. These generated FMs are invoked via my custom function module.
    My function module will run in the background as a scheduled task in R/3. I execute the Enqueue FM at the start of the FM and keep the table locked until the last step finishes in my FM and then I Dequeue it. I want to have the processing wait and retry the Enqueuring FM at set intervals in case the one run doesn't finish entirely and a new run of this same job kicks off.
  Thank you,
  - Vik.

  Set the wait parameter = 'X'.  These means that if it encounters a lock, then it will wait a certain time for the lock to be released.  This certain time is a system value set by your basis team.  I don't imagine it being a very long time.
    CALL FUNCTION 'ENQUEUE_EZPIPHYINVREF'
         EXPORTING
              MODE_ZPIPHYINVREF = 'E'
              MANDT             = SY-MANDT
              _WAIT             = 'X'.
  Regards,
  Rich Heilman

• LPM Custom URL for Force change password

  Hi All,
  I have configured LPM in OAM Identity Server, In the password policy i have given the custom URL of my application for the change password screen after resetting the password.
  The issue here is... When the user tries to login with the new password (resetted password) it is not redirecting to the force change password page...

  I am having a similar issue with getting this feature to work.
  I have the Force Change Password on Next Login checked, and I'm using (just for testing purposes) the amadmin account as the Bind DN.
  Then when I configure a secret question for a user account, and change the password, then log in with the new password, I go to the configured "Default Success URL", and I am never forced to change my password.
  Does anyone know what the expected functionality is when this does work?
  I'm working with Identity 6.1 on a Solaris box.
  Thanks for your time.
  chris

• Profile parameter for passwords - conflicting documentations.

  Greetings!
  I've encountered an issue with profile parameter login/password_max_idle_productive
  Integrated help in SU01 says:
  You can use the profile parameter login/password_max_idle_productive to define the point as of which the validity of the productive password ends. The time is calculated from the date of the last password change plus the number of days specified in the profile parameter. Password-based logon is then not possible from this point.
  This makes this parameter redundant (we have login/password_expiration_time ).
  SAP Library says (see link below):
  Specifies the maximum period for which a productive password (a password chosen by the user) remains valid if it is not used.
  Which suggests that the time after which passwords are considered expired is calculated from last logon date plus whatever is the parameter value.
  SU01 help specifies explicitly how this parameter works but it conflicts with a more ambiguous description found in the SAP Library. The observed system behavior on logon is in line with SU01 help, but report RSUSR200 does not list the user as having an expired productive password.
  We're on ECC 6.0, release 701 with support package 3. I could not find any SAP notes relating to this issue.
  Has anyone encountered this issue before or have I just run into an odd glitch?
  [SAP Library|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/22/41c43ac23cef2fe10000000a114084/frameset.htm]

  It sounds like you have a requirement to set the expiration time (when the user has to change the password) which is for a different user group than those for which you want to disable an idle password. Currently, both are global settings and affect both user groups (actually, all users of type DIALOG and COMMUNICATION - only SERVICE and SYSTEM type users are not affected).
  In that there is an option for you... but be aware of license implications... or you can upgrade to 7.02 early next year (I think this is the correct release, time and release "alias" for it..) and then the config your security policies client dependently!
  Currently, your best option is to not set these two global parameters illogically and monitor the user group manually from RSUSR200.
  In the wild, many folks use the user type difference to workaround this, but that is also global to the user type so they are excepted from the expiration time as well. Additionally, not all functionality is available to them on the client side (e.g. SAP Logon Tickets won't work) and the authority-checks are even slightly different on some special cases.
  Personally, I don't understand why users with authorizations to make purchase requests only should change their passwords more often (expiration time) or be more active (idle time) than those with SAP_ALL etc.
  > I hadn't considered SSO since we do not currently use it.
  SSO solves several of these problems by deleting the password completely...
  Cheers,
  Julius
  Edited by: Julius Bussche on Oct 8, 2009 9:59 PM

• Profile Parameters for Logon and Password (Login Parameters)

  I've upgraded SM3.2 to SM4.0 and now users can create password with 40 characters. I want to return to max 8 letters in password and to big letters in password. I' haven't found appropriate parameter. Does parameter login/password_downwards_compatibility provide me compatybility to old login parameters?

  Hi,
  Also follow the following
  /people/sap.user72/blog/2005/10/19/attention-security-administrators-new-password-rules-are-on-their-way
  After SAP NetWeaver 6.40, the password hash algorithm is changed from MD5 to SHA-1. This means that more secure hash values, which are not backward-compatible, and which make reverse engineering attacks difficult, can be generated. By default, new systems generate two hash values: a backward-compatible value and a new value. However, you can configure the system so that only the new hash value, which is not backward-compatible, is generated. You can set the degree of backward compatibility with the profile parameter login/password_downwards_compatibility.
  The system can determine the type (new or old) of the current user password at any time. During logon, the system calculates the password hash based on the entered data and in accordance with the information from the user master record (see the hash procedure used) and compares the hash values. The system decides itself which part of the entered password is evaluated.
  · If the user master record shows that the user’s password was encrypted with the old password hash algorithm, the system only evaluates the first eight characters and converts these to upper-case
  · If the user master record shows that the user’s password is encrypted with the new password hash algorithm, the system evaluates all characters as they were entered (up to 40 characters, with no conversion to upper-case).
  The new functions do not initially have any consequences after the upgrade; the operation of the system and password queries continue to run as usual. The passwords of the new type gradually replace the passwords of the old type.
  Do reward with points.
  REgards.

• Complete List of Error Codes for Customized Change Password Page

  Hi,
  does anyone has a complete list of "Change Password Page Error Codes"?
  The list provided in the document:
  Oracle® Application Server Single Sign-On Administrator's Guide
  10g (9.0.4)
  Part Number B10851-01
  seems to be incomplete. (See: http://download-uk.oracle.com/docs/cd/B10464_01/manage.904/b10851/custom.htm#1009955 )
  I found at least three additional / different error codes:
  auth_fail_err
  pwd_minlength_err
  pwd_numeric_err
  I'm using a JSP Page.
  Thanks for help

  Hi,
  I found the list in the OID Admin Documentation. The list contains the error messages the OID sends to the client. In case of SSO, the client for the OID is the SSO server. So now I know which errors are transmitted to the server, I have to find out what the server sends to the SSO Page for Password change. Probably I should test all cases documented in the OID Admin doc to find the appropriate values for SSO Server.
  Thanks for the tip

• Profile parameter for BTC ignored.

  This weekend, we ended up restoring some production systems.  Becuase we did not want any background to run once the systems came up we changed the btc parm to  "rdisp/wp_no_btc = 0 ".  As we know, this should bring up the system without any background processes.  This change was made on the instace level profile, and we checked for duplicate entries.  After the PIT restore, SAP was brought up.  However the same number of BGD processes were still active on the system.  A look at RZ11 shows that the profile is set to 0 for all three categories. 
  The system in question are the BI system and the SCM system. 
  BI is on EhP1 andSCM is on 5.0.
  The BI system is a muliti instance system, and the CI was changed to have BTC=0 and was brought up alone
  SCM is a singe instance system.
  Any ideas would be appreciated.
  Regards,
  Dan

  Thanks for the reply, but not exactly what I was asking.
  To clarify.
  I want to bring up the system with no background process.  As you know when the system comes up the table TBTCS is searched for any dates in the past and those jobs that are found are scheduled.  To this end, we set the profile parm
  rdisp/wp_no_btc =0.  However when the systems came up the original number of background processes were crearted.  More perplexing is that looking at the parm in RZ11 shows the values for PROFILE, DEFAULT and CURRENT all set to 0.
  So why did the system come up with BGD processes.
  Regards,
  Dan

• Profile Parameter for HTTP communication

  I have installed PI 7.1 service which contain double stacks(ABAP+JAVA).
  Is it possible to access ABAP server using 8000 port, and Java server using 50000 port? (System number is 00).
  The prerequisite is i need the the parameter icm/server_port_0 to be added to the profile.

  Hi Sharath, thanks for you reply.
  Yes, after installation the default ports for ABAP and JAVA are 8000 and 50000. But if i set the parameter icm/server_port_0 = PROT=HTTP,PORT=50000, then the ABAP server also should be accessed through port 50000. If i still use 8000, nothing will return. If set icm/server_port_0 = PROT=HTTP,PORT=8000, then i only can access Java server also use port 8000.
  I wonder if it is possible to use these two ports for ABAP and JAVA respective??
  Thanks so much!
  Regards
  Edited by: Chris Xu on Mar 2, 2010 8:28 PM

• Profile parameter for ENQUEUE

  The ENQUEUE function module also has the parameter _WAIT. This parameter determines the lock behavior when there is a Structure linklock conflict.
  You have the following options:
  ·  X: If a lock attempt fails because there is a competing lock, the lock attempt is repeated after waiting for a certain time. The exception FOREIGN_LOCK is triggered only if a certain time limit has elapsed since the first lock attempt. The waiting time and the time limit are defined by profile parameters.
  i want to know what  parameter define the wait time, thanks very much!

  Dear,
  Please look to the below link, especially "Creating lock objects and Example of lock objects"...
  http://help.sap.com/saphelp_46c/helpdata/en/cf/21eebf446011d189700000e8322d00/frameset.htm
  Regards,
  Sreenivas .Y

• Password Profile Parameter

  Dear All,
  Kindly advice,
  We have recently changed the instance profile parameters for enabling
  the password policy. The parameters that we changed are
  login/password_expiration_time 60
  login/min_password_specials 1
  login/min_password_lng 8
  login/min_password_letters 2
  login/min_password_digits 1
  login/password_max_new_valid 45
  login/password_max_reset_valid 45
  We are using ECC 4.7
  After we have restarted the system, all users were prompted
  automatically to change the passwords except three users which we had
  created recently.. Although we have given the "login/min_password_lng"
  as 8, it still taking 4 letters as password without any special
  characters in it.
  Kindly advice us in this regard and if u need any more information
  please let us know.
  Regards
  GAURAV

  Hi,
  As said by António Barrote, might be you are having more application servers and parameters are set in one server only. If that is the case then if those 3 users are logging in to other server then it will not prompt.  Also, if you say that, no we have only one server and all the parameters are set correctly and working fine for other 240 users. Then yes you are right.
  As per my understanding, it has not asked for password change for these 3 users because this users are created recently and after creating them you have set the parameters. Hence after the parameters came in to effect it will not ask for password change for these 3 users because the password expiration is 60 days as per value you have set above. Hence after 60 days form the date when you have created those users and set password it will prompt them to change password and at that time it will not allow them to set password for length 4 letters, but will set as per the parameters.
  Since for these 3 users password was set before enabling parameters those will apply only after expiration period. Otherwise what you can do is reset the password for them now and ask them to change it and now it will make them change password as per the parameters.
  Hope clarified.
  Thanks & Regards,
  Sharath Babu M

• How to change INSTANCE profile parameter?

  HI,
  How to change INSTANCE PROFILE PARAMETER for permanent???
  any step by step or note?
  Thanks,

  Alf,
  Its is recommended to do parameter changes through RZ10. Check the parameter in RZ11 and if you see a check mark against DynamicallySwitchable, you dont have to reboot else it requires a reboot. All the changes you made through RZ10 is permanent. You can do it through OS level but its not a good practice. If you do it through RZ10 it is logged.
  Thanks
  Prince Jose

• Change Password not replicating to AD user account

  I am a mac noob and we are having an issue where password changes on macs are only reflected on the local system.  The macs are bound to AD, and Create a mobile account at login is checked.  I have asked our network and security teams to verify any changes recently but am told that things are as they have always been.
  Currently the only workaround is to have users change the password on their Mac and then use a windows machine to also change the pw, or call the service desk and have them update their password in AD.
  Is there something obvious that I am missing because of my inexperience with Macs?  I appreciate any help I can get,
  Thanks,
  Stephen
  What I have tried so far:  (all the steps I have tried I also rebooted after any changes were made)
  Preferences/Users & Groups/Change Password - Only changes PW locally.
  Unbinding from the domain and rebinding
  Unbinding from the domain, changing the machine name, restarting, binded to the domain and applied AD preferences
  Tried specifying the preferred domain server in the Directory Utility under advanced options
  I have reproduced the issue on my Mac Air with 10.9 (mavericks) and also on a MacBook Pro with 10.8.5(mountain lion)
  Turned off wireless and attempted change via only a wired connection on non 8021x LAN
  Turned off wireless and attempted change via only a wired connection on the 8021x LAN
  Disconnected wired and attempted change via only a wireless connection.
  Turned off wireless and attempted change via DSL connected to VPN
  Deleted profiles and downloaded them from Profile Manager
  Attempted to change password using the Preferences/Security & Privacy/General tab
  Attempted to change password using Terminal

  We pinpointed the cause of the issue.  It is the build process instructions we follow.  The old process was automated but doesn't work with newer macs so we have been running the builds manually.  We added the user as a local user manually which is precisely why the PW changes only happened locally. 
  Once the machine is bound to the domain and network users can login, and the mobile profile option is selected, all one has to do is login using network credentials, the password change was immediate for AD.

• Profile Parameter Setup (RZ10) - Help Needed

  In using RZ10 to setup profile parameter for QAS, in the scenario below:
  How dow I change the "Unsubtituted and Subituted standard value to match this
  miadevs2\sapmnt\trans                                                                               
  Parameter name:                                                 Status      Seq. no.
  DIR_TRANS                                                       Active            3                                                                               
  Parameter val.:                                                                    
  $(SAPTRANSHOST)\sapmnt\trans                                                                               
  Unsubstituted standard value:                                                      
  miaqasc2\saploc\trans   <b>(Need to change this value - It is grayed out)</b>
                                                                                  Substituted standard value:                                                
  miaqasc2\saploc\trans <b>(Need to change this value - It's grayed out)             </b>

  Hi Joseph,
  Change the field in "Param Value" at the top.
  It will changed automatically the field value.
  Hope this helps,
  Erwan

• Capture data from Change Password form

  Hi All,
  I am trying to capture an error in the "Change Password Form". This error gets generated because of a custom java API call I make in the form. I want to show the error on the "Change Password Results" page. I tried to set the error message as a request attribute, but it seems the attribute is lost somewhere during the transit to changePasswordResults.jsp. I even tried to get the request attribute from "Change Password Workflow", but that didn't work either.
  Could anyone suggest me if we can set a variable/attribute/parameter from the "Change Password Form" so that I can use it in a later form/workflow/JSP?
  Thanks
  Edited by: bibs22 on Jun 12, 2008 5:46 PM

  It's not very well documented but have a look at http://docs.sun.com/app/docs/doc/820-5821/bvbih?l=en&a=view&q=baseContext in the section at the very bottom titled "Using the variables Attribute".
  You can define a baseContext in your form that will allow you to get access to the workflow variables.
  For example:
  <Form name="My Form" baseContext='variables'>
    <Field name=":variables.myworkflowvariable">
    </Field>
  </Form>

• Customize change password logic

  Hi guys,
  We are working on EP 6.0, We need to make our own change password logic for first time user login. ( e.g  new password should be > 10 long,  if he makes a number of unsuccesful operation, his account will be locked , etc...)
  For current change password logic, the system calls some .class file provided by SAP.
  Can we change the logic of orginal .class ? if not, how can we create our own and use it?
  Regards,
  Guo Feng

  Hi Feng,
  You could take a look at the Blog I once posted with its attached Wiki Page where I placed the Source code. You will find it here:
  A Change Password Application
  However I customized it for a different reason. You can modify the application to add in your business logic.
  Let me know if you need more help.
  Hope this helped.
  Prem