Question - Login/min_password_digits to 1

Hello,
We are adding complexity on our passwords. We have tested "Login/min_password_digits to 1" in DEV and QA successfully and ready to move to PROD. The numeric value on passwords is now being required. I have overlooked one possibility and could not test without delaying the deployment for another week since system restart is only on the weekends. My question is the u201Cwhat ifu201D in the scenario I was not able to test.
What happens to the user/users with password that currently do NOT have any numeric value/values? Do they get immediately prompted to change their password with numeric when "Login/min_password_digits to 1" is in effect or only when their password expired and prompted to change?
We are running ECC 6.0 and SAPGUI: 710 Final Release, version 7100.2.8.1039, patch level 8.
Thanks in advance.
John N.

Julius Bussche wrote:Julius Bussche wrote:Julius Bussche wrote:>
> > No, you are wrong - communication users are (in principle) also subject of the password change requirements.
> > See note 622464.
> Not in principle, but John's observation is correct in practice. This is not default behaviour either.
Well - if a password change is currently not enforced although it should be, then this is nothing one should rely on ...
> > But you can configure the system (by setting login/password_compliance_to_current_policy to value 1) to check every time a password is validated whether it's still compliant with the current password rule.
> Not every time. A SYSTEM and SERVICE type user's password would not be subject to this, even if it was activated.
Yes, you are right - that point I've forgotten to mention in my posting (but it's documented in the system: the RZ11 documentation of that profile parameter is quite precise).
>
> To mimic any downward compatibility or client programs which might set the PWD to UPPER CASE, I simply don't force a lower case password and for special users change the generated characters to UPPER CASE and ensure that the it does not exceed 8 characters.
Sorry, that's not entirely true: even if you do not enforce the usage of lower-case characters in passwords this does not ensure that you obtain downwards-compatible passwords: as long as you do not prevent the usage of lower-case characters and as long as you do not prevent the usage of passwords which consist of more than 8 characters, you have to deal with (potentially) downwards-incompatible passwords.
>
> But my weapon of choice against this is still rfc/reject expiredpassword and now also icf/reject_expired_password. I find these parameters very efficient in keeping security up to scratch, if the implementation (or clean-up) was done thoroughly.
Do you really think that those two parameters can be set to non-default values in productive systems? I have my (personal) doubts - they are main switches ("on" / "off") effecting the entire system.

Similar Messages

Login/min_password_digits

Hi there,
I have one application server and one database server for our ECC6. When I tried to change the password for a user in the application server, the system is saying that 'Password should contain 22 digits'. However, this is not happening when I do the password changing in my database server. I checked the value for login/min_password_digits and I notice the following:
In Central Instance,
     via RZ10, login/min_password_digits for both application and database profile = 2
     via RZ11, login/min_password_digits = 2
In Application Server
     via RZ10, login/min_password_digits for both application and database profile = 2
     via RZ11, login/min_password_digits = 22
How to I change the value of login/min_password_digits to 2 (instead of 22) in the application server?
Thanks

Hi,
If this doesn't resolve it, check that the parameter isn't set in the Instance profile of your Application server using transaction RZ10.
Regards.
Steve.

Inconsistant Question Login Behavior

Hello all,
I am working on implementing our requirements for forgotten password authentication questions. We have a somewhat unique policy regarding this. We want to always have a specific question asked. Then have 2 questions asked that are chosen from a random set. Then have 1 user defined question asked. Since there is no out of the box policy that captures this, I have been working to implement a solution. What I came up with was to redefine the fieldloop in the Question Login Form. Instead of looping through 'questions[*].name' I have it evaluate an expression I wrote. The expression selects questions based on the policy I outlined above. The form is working great. It displays the proper questions in line with our policy. The problem is the authentication of the questions. I have the policy set to 'any'. If I set it to 4 questions, which is how many I am asking, then the application will never let me authenticate. It will continually give me the 'Please answer at least 4 questions' error. At the suggestion of Dana from Aegis, I set the any policy to require only 1 question. The two required questions (the user defined and the admin defined questions) always work fine. However the two random questions work only sporadically. Sometimes I have to enter the answer for one of the random questions as many as 3 or 4 times before it will get excepted. This behavior seems weird. It is not consistent at all.
We are using IdM 6.0 with no service packs. Has anyone ran into this before? Does anyone have any advice about it?

Hi Jim, I had to build the following workflow to implement the password reset. You can tweak activity 3 'Select Questions' to do what you need. This workflow is not finished; it always selects the first three questions; but it I think it is usable.
Have fun with it. Theo
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC 'waveset.dtd' 'waveset.dtd'>
<TaskDefinition authType='UserAdminTask' name='Task-FindLostPassword' creator='therijn' createDate='1145528788789' lastModifier='therijn' lastModDate='1146135380583' lastMod='536' wstype='ProvisioningTask' taskType='Workflow' executor='com.waveset.workflow.WorkflowExecutor' syncControlAllowed='true' execMode='sync' execLimit='0' resultLimit='3600' resultOption='delete' visibility='run' progressInterval='0'>
<Extension>
 <WFProcess name='Task-FindLostPassword' title='Find Lost Password' maxSteps='0'>
 <Comments>This process allows an anonymous user to authenticate using the security questions and reset the password.</Comments>
 <Variable name='actionWF' value='findPassword'>
 <Comments>This attribute is used to distinguish between the various actions on the forms.</Comments>
 </Variable>
 <Variable name='userview'/>
 <Variable name='selectedQuestions'/>
 <Variable name='answersOK'>
 <Boolean>true</Boolean>
 </Variable>
 <Variable name='attemptsCount'>
 <Integer>0</Integer>
 </Variable>
 <Activity id='0' name='start'>
 <Transition to='Get Questions'/>
 <WorkflowEditor x='43' y='10'/>
 </Activity>
 <Activity id='1' name='Get Questions'>
 <Action id='0' application='com.waveset.session.WorkflowServices'>
 <Argument name='op' value='getView'/>
 <Argument name='type' value='User'/>
 <Argument name='id'>
 <ref>accountId</ref>
 </Argument>
 <Argument name='options'>
 <Map>
 <MapEntry key='noFetch' value='true'/>
 </Map>
 </Argument>
 <Return from='view' to='userview'/>
 </Action>
 <Transition to='Check Email'/>
 <WorkflowEditor x='122' y='10'/>
 </Activity>
 <Activity id='2' name='Check Email'>
 <Transition to='SetExitMessage'>
 <isnull>
 <ref>userview.accounts[LDAP].email</ref>
 </isnull>
 </Transition>
 <Transition to='SetExitMessage'>
 <isFalse>
 <rule name='RLE-emailValidityAndDomainCheck'>
 <argument name='emailAddress' value='$(userview.accounts[LDAP].email)'/>
 </rule>
 </isFalse>
 </Transition>
 <Transition to='Select Questions'/>
 <WorkflowEditor x='217' y='10'/>
 </Activity>
 <Activity id='3' name='Select Questions'>
 <Action id='0' name='Select questions'>
 <expression>
 <block>
 <defvar name='counter'>
 0
 </defvar>
 <dolist name='iterator'>
 <ref>userview.waveset.questions</ref>
 <block>
 <cond>
 <and>
 <lt>
 <ref>counter</ref>
 3
 </lt>
 <not>
 <isnull>
 <invoke name='get'>
 <ref>iterator</ref>
 <s>answer</s>
 </invoke>
 </isnull>
 </not>
 </and>
 <block>
 <set name='counter'>
 <add>
 <ref>counter</ref>
 1
 </add>
 </set>
 <set name='selectedQuestions[$(name)].answer'>
 <s></s>
 </set>
 <set name='selectedQuestions[$(name)].origional_answer'>
 <invoke name='get'>
 <ref>iterator</ref>
 <s>answer</s>
 </invoke>
 </set>
 <set name='selectedQuestions[$(name)].question'>
 <invoke name='get'>
 <ref>iterator</ref>
 <s>question</s>
 </invoke>
 </set>
 <set name='selectedQuestions[$(name)].name'>
 <invoke name='get'>
 <ref>iterator</ref>
 <s>name</s>
 </invoke>
 </set>
 </block>
 </cond>
 </block>
 </dolist>
 </block>
 </expression>
 </Action>
 <Transition to='SetExitMessage'>
 <lt>
 <length>
 <ref>selectedQuestions</ref>
 </length>
 3
 </lt>
 </Transition>
 <Transition to='Get Answers'/>
 <WorkflowEditor x='318' y='125'/>
 </Activity>
 <Activity id='4' name='Get Answers'>
 <Variable name='formButton'/>
 <ManualAction id='0' name='Show Authentication Answers' timeout='15' syncExec='true'>
 <WorkItemDescription>
 <s>Show Authentication Answers</s>
 </WorkItemDescription>
 <Owner>
 <ref>WF_CASE_OWNER</ref>
 </Owner>
 <Form noDefaultButtons='true'>
 <Display class='EditForm'>
 <Property name='title' value='Answers Authentication Questions'/>
 <Property name='subTitle' value='If you answer all questions correct your password will be reset and send to your email address. The answers and not case sensitive. Do not attempt to guess the answers if the name is not your name.'/>
 </Display>
 <Field name='variables.userview.accounts[LDAP].fullname'>
 <Display class='Label'>
 <Property name='title' value='_FM_FULLNAME'/>
 </Display>
 </Field>
 <Field>
 <Display class='Label'>
 <Property name='value' value='Please answer all questions correct.'/>
 <Property name='font' value='testFontStyle'/>
 <Property name='color' value='#ff0000'/>
 </Display>
 <Disable>
 <isTrue>
 <ref>variables.answersOK</ref>
 </isTrue>
 </Disable>
 </Field>
 <Field>
 <FieldLoop for='name' in='variables.selectedQuestions[*].name'>
 <Field name='variables.selectedQuestions[$(name)].answer'>
 <Display class='Text'>
 <Property name='title'>
 <concat>
 <ref>variables.selectedQuestions[<ref>name</ref>].question</ref>
 <s>:</s>
 </concat>
 </Property>
 <Property name='width' value='300'/>
 </Display>
 </Field>
 </FieldLoop>
 </Field>
 <Field name='complete' type='string'>
 <Default>
 <s>true</s>
 </Default>
 </Field>
 <Field button='true'>
 <Display class='Button'>
 <Property name='name' value='variables.formButton'/>
 <Property name='label' value='Continue'/>
 <Property name='command' value='Save'/>
 <Property name='value' value='continue'/>
 </Display>
 </Field>
 <Field button='true'>
 <Display class='Button'>
 <Property name='name' value='variables.formButton'/>
 <Property name='label' value='Cancel'/>
 <Property name='command' value='SaveNoValidate'/>
 <Property name='value' value='cancel'/>
 </Display>
 </Field>
 </Form>
 </ManualAction>
 <Transition to='SetCanceledMessage'>
 <eq>
 <ref>formButton</ref>
 <s>cancel</s>
 </eq>
 </Transition>
 <Transition to='Check Attempts'/>
 <WorkflowEditor x='421' y='137'/>
 </Activity>
 <Activity id='5' name='Check Attempts'>
 <Action id='0'>
 <expression>
 <set name='attemptsCount'>
 <add>
 1
 <ref>attemptsCount</ref>
 </add>
 </set>
 </expression>
 </Action>
 <Transition to='SetTooManyAttemptsMessage'>
 <gt>
 <ref>attemptsCount</ref>
 3
 </gt>
 </Transition>
 <Transition to='Check Answers'/>
 <WorkflowEditor x='540' y='137'/>
 </Activity>
 <Activity id='6' name='Check Answers'>
 <Action id='0'>
 <expression>
 <block>
 <set name='answersOK'>
 <Boolean>true</Boolean>
 </set>
 <dolist name='iterator'>
 <ref>selectedQuestions</ref>
 <cond>
 <neq>
 <upcase>
 <trim>
 <invoke name='get'>
 <ref>iterator</ref>
 <s>answer</s>
 </invoke>
 </trim>
 </upcase>
 <invoke name='get'>
 <ref>iterator</ref>
 <s>origional_answer</s>
 </invoke>
 </neq>
 <set name='answersOK'>
 <Boolean>false</Boolean>
 </set>
 </cond>
 </dolist>
 <cond>
 <isFalse>
 <ref>answersOK</ref>
 </isFalse>
 <s>You must correctly answer all 3 questions</s>
 </cond>
 </block>
 </expression>
 </Action>
 <Transition to='Get Answers'>
 <isFalse>
 <ref>answersOK</ref>
 </isFalse>
 </Transition>
 <Transition to='resetPassword'/>
 <WorkflowEditor x='468' y='248'/>
 </Activity>
 <Activity id='7' name='SetResetPasswordMessage'>
 <Comments>Too many attemps; lock the account will be locked for the next 30 minutes.</Comments>
 <Action id='0' application='SET_RESULT'>
 <Argument name='name' value='WFExitMessage'/>
 <Argument name='type' value='String'/>
 <Argument name='value' value='Your password has been reset. Please check your email.'/>
 </Action>
 <Transition to='end'/>
 <WorkflowEditor x='618' y='166'/>
 </Activity>
 <Activity id='8' name='SetTooManyAttemptsMessage'>
 <Comments>Too many attemps; lock the account will be locked for the next 30 minutes.</Comments>
 <Action id='0' application='SET_RESULT'>
 <Argument name='name' value='WFExitMessage'/>
 <Argument name='type' value='String'/>
 <Argument name='value' value='Too many attemps; your account will be locked for the next 30 minutes.'/>
 </Action>
 <Transition to='end'/>
 <WorkflowEditor x='626' y='27'/>
 </Activity>
 <Activity id='9' name='SetExitMessage'>
 <Comments>Give one common error message so that hackers cannot 'guess' information about or users.</Comments>
 <Action id='0' application='SET_RESULT'>
 <Argument name='name' value='WFExitMessage'/>
 <Argument name='type' value='String'/>
 <Argument name='value' value='Due to a problem with your data we cannot authenticate you using the security questions. Your UserID does not exists, your email address is missing or invalid or you have not answered the security questions.'/>
 </Action>
 <Transition to='end'/>
 <WorkflowEditor x='319' y='10'/>
 </Activity>
 <Activity id='10' name='end'>
 <WorkflowEditor x='421' y='10'/>
 </Activity>
 <Activity id='11' name='resetPassword'>
 <Action id='0' name='Prelude'>
 <expression>
 <set name='actionWF'>
 <s>resetPassword</s>
 </set>
 </expression>
 </Action>
 <Action id='1' process='Reset the Password'>
 <Argument name='adminEmailAddress'/>
 <Argument name='notificationEmailToAddress'>
 <Boolean>false</Boolean>
 </Argument>
 <Argument name='accountId' value='$(accountId)'/>
 <Return from='result' to='result'/>
 <SubProcess>
 <ObjectRef type='Configuration' name='TaskSubProc-ResetPassword'/>
 </SubProcess>
 </Action>
 <Transition to='SetResetPasswordMessage'/>
 <WorkflowEditor x='698' y='248'/>
 </Activity>
 <Activity id='12' name='SetCanceledMessage'>
 <Comments>Set the message that the action is canceled.</Comments>
 <Action id='0' application='SET_RESULT'>
 <Argument name='name' value='WFExitMessage'/>
 <Argument name='type' value='String'/>
 <Argument name='value' value='You canceled answering the authentication questions.'/>
 </Action>
 <Transition to='end'/>
 <WorkflowEditor x='403' y='90'/>
 </Activity>
 </WFProcess>
</Extension>
<Description>Reset the User's password after the security questions are answered correctly.</Description>
<MemberObjectGroups>
 <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
</MemberObjectGroups>
</TaskDefinition>

Verify Email for Question Login

Hello all,
I am trying to verify another data value, such as a users email (just an example) during the forgotten password process. I can add the field to the Question Login Form, but I do not see how to carry it over to the Question Login workflow. The Question Login workflow seems to take in information after an valid or not valid login decision has been made. Where is this decision made? I need to modify this decision making process to include my own variables...

As requested:
getRandomIndexes:
<Rule name='getRandomIndexes'>
<Description>Return a list of random indexes in the range provided.</Description>
<RuleArgument name='startOfRange'>
<Comments>The begining of the range for the indexes.</Comments>
</RuleArgument>
<RuleArgument name='endOfRange'>
<Comments>The end of the range for the indexes.</Comments>
</RuleArgument>
<RuleArgument name='numberOfIndexes'>
<Comments>The number of random indexes to return.</Comments>
</RuleArgument>
<block>
<defvar name='randomInt'>
<rule name='getRandomIndex'>
<argument name='startOfRange' value='$(startOfRange)'/>
<argument name='endOfRange' value='$(endOfRange)'/>
</rule>
</defvar>
<defvar name='indexList'>
<list/>
</defvar>
<defvar name='forLoopIndex'>
0
</defvar>
<while>
<gt>
<ref>numberOfIndexes</ref>
<ref>forLoopIndex</ref>
</gt>
<while>
<contains>
<ref>indexList</ref>
<ref>randomInt</ref>
</contains>
<set name='randomInt'>
<rule name='getRandomIndex'>
<argument name='startOfRange' value='$(startOfRange)'/>
<argument name='endOfRange' value='$(endOfRange)'/>
</rule>
</set>
</while>
<append name='indexList'>
<ref>randomInt</ref>
</append>
<set name='forLoopIndex'>
<add>
<ref>forLoopIndex</ref>
1
</add>
</set>
</while>
<ref>indexList</ref>
</block>
</Rule>
And just for fun, here is getRandomIndex:
<Rule name='getRandomIndex'>
<Description>Return a random index in the range provided.</Description>
<RuleArgument name='startOfRange'>
<Comments>The begining of the index range.</Comments>
</RuleArgument>
<RuleArgument name='endOfRange'>
<Comments>The ed of the range to provide an index between.</Comments>
</RuleArgument>
<block>
<defvar name='possibleIndex'>
<mod>
<invoke name='nextInt' class='com.waveset.util.RandomGen'/>

<ref>endOfRange</ref>
<ref>startOfRange</ref>

</mod>
</defvar>
<set name='possibleIndex'>
<cond>
<lt>
<ref>possibleIndex</ref>
0
</lt>
<mult>
-1
<ref>possibleIndex</ref>
</mult>
<ref>possibleIndex</ref>
</cond>
</set>
<set name='possibleIndex'>
<add>
<ref>possibleIndex</ref>
<ref>startOfRange</ref>
</add>
</set>
<ref>possibleIndex</ref>
</block>
</Rule>

Question. login to fluxbox. autostart command. don't sudo. ?

The system includes a normal user (via the console).
He called FLUXBOX.
How can I make this addition to the three revealed a terminal window as root with some of these teams?
p.s: without using sudo. all automatically should be.

I'm sorry. I don't understand. Is this correct?
boot -> normal user login -> start X and Fluxbox -> autostart terminal window as root
Add "sudo xterm &" in the file "~/.fluxbox/startup".
To remove the "sudo" password, use "visudo". http://wiki.archlinux.org/index.php/Sudo
I think an automatic xterm with root is dangerous.

Setting flags on question login

Hi,
I'm trying to set an attribute on the user object when the user goes through the QuestionLogin workflow.
The behavior I've observed is that if I checkout the user using "checkout view":
<Action id='1' name='checkoutview' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='checkoutView'/>
and then try to checkin the view:
<Action id='1' name='Check In View' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='checkinView'/>
<Argument name='view'>
the user locks up.
HOWEVER, if I "get" a user view: (NOTE that's it's a "getView", not a "checkout view")
<Action id='1' name='getUser' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='getView'/>
and then I try to check it in (which shouldn't work), the attributes I'm manipulating are actually saved!!
If I do a "getView" and don't check anything in, none of the changes are saved.
It seems to me like this is a product bug - perhaps there are overlapping pointers somewhere? Can anyone speak to this anomaly?
I'm on version 7.0 (which may be an issue in and of itself :) )
Thanks

You are right Tushir, It depends on the template used.
@ William::Well Is it possible for you to Acknowledge ur Chassis?
It might help to solve your problem.,,,,Well its just a try and dont forget that the entire Hardware Config will be re read if you acknowldege ur Chassis.

Php question-login database code

If i wanted to create a new table on my database, how would i specify the table name in the following code:
mysql_select_db("db240266096") or die(mysql_error());
thanks!

Here's the problem. I can't tell you exactly what to do because I don't know your table structure or anything about what types of data needs to be held in each field. Typically after you select the database as you have begun to do you write the next line of PHP as "mysql_query("CREATE TABLE table_name ( *** )");". The *** here is what I cannot fill in. In there you have to define fields, field type, characters, NULL or NOT NULL, auto_increment, then you need to set keys.
If you are just beginning and building a new script yourself, I would typically recommend that someone in your shoes use a visual editor like phpMyAdmin as opposed to writing your own queries. This will allow you to set these options and add fields in a visual editor as opposed to handwriting the query. Then if you want to back it up or install it someone else, you can export the SQL statements from phpMyAdmin and upload it somewhere else.

Enhanced login security and password ageing in SAP R3 Enterprise 110

Hi,
today we will activate "Enhanced login security and password ageing" on our R3 (SAP R3 Enterprise 110) development environment.
new parameters
Enhanced login security and password ageing
login/min_password_lng = 8
login/password_expiration_time = 365
login/min_password_diff = 2
login/min_password_letters = 1
login/min_password_digits = 1
anyone any expirience on possible problems which can occur after activating these new settings.
Many thanks in advance
Patrick Van Vlerken

No... this should do what it sais in the tin.
Read,
http://www.*********************/password_sap.htm
Regards
Juan

Anonymous User Login

Hi All,
I have an issue with 'Forgot Password' button in the end user login. When a Forgot Password button is clicked, a Question Login workflow will trigger (I think I am right?) .Now I would like to customize the 'Question Login' workflow as per my requirements, but unfortunately I am not, I modified the system configuration object, but still with no luck I am not able to customize that workflow.
So I thought of using anonymous login page and I can launch my own workflow as per my requirements. I have registered my workflow at 'anonymous end user tasks'. and I try to launch the anonymous login page using the url 'http://localhost:8080/idm/user/anonlogin.jsp'. I am getting the following errors.
An unrecoverable error has occurred processing the request. Contact your system administrator.
Syslog ID = LG-1111-024933.
Only the Reset Administrator may access this view.
I don't know, where I am doing wrong. For the first time I am trying to use anonymous login page.
Did anybody faced similar problems?
Can anybody please post some points, like what is the procedure to use a Anonymous login page?
Thanks in advance

Well, first, I visited Configure > User Interface, and enabled Anonymous Enrollment.
Next, I went to user/login.jsp, and saw "Request Account". I clicked on it, and up popped the user/anonEnrollment.jsp page. (I was looking at using this for one of our requirements; turned out I didn't need it, and did something else).
Anyway, a quick check with Live HTTP Headers for Firefox shows that the post was directly to anonEnrollment.jsp; anonEnrollment.jsp has this at the top:
String anonUser = LoginHelper.getAnonymousUser(session);
if (anonUser == null) {
    String url = "user/login.jsp";
    LoginHelper.redirect(req, out, url);
    return;
}Not a huge amount of help. However, it does establish that there is an "getAnonymousUser" method, which is documented to return "the currently registered anonymous user name if any". And reading the Workflows, Forms, and Views manual, it states that the anonymous main page is for "... when a user who does not have a Identity Manager account logs in, an Identity Manager user object is created ...". Basically, if you're using pass through auth, and have a source system that will let a user authenticate, they can then set themselves up.
So, I visited "anonmain.jsp" after clearing all cookies, and up popped "anonlogin.jsp", with a login box. I entered "anonymous", and lo!, I was logged in, and saw the anonymous user menu. In other words, I was "provisionally" logged in with an account that doesn't really exist (anonymous).
However, I had to provide that extra bit of information, namely, my "fake" user name of "anonymous". I don't know how you'd do that without JSP customization.
Basically, "anonymous" means "has a username, but we don't have an account", rather than "truely anonymous" as near as I can tell. The system will do it for you in the case of "Request Account" (the generated login page has some Javascript code to redirect to anonEnrollment.jsp), but it doesn't seem to be an exposed API.
You might get somewhere with customizing the "Request Account" string in the messages catalogue, and then customizing the anonymous enrollment workflow.

Login/min_password_lng max value

Having recently set the below values we are experiencing problems when users place digits or specials at positions above 8. It appears that SAP does not check above character 8. Not at password change nor at login to SAP.
Profile Parameters Attributes for login/min_password_lng tells that minimum value is 3 and maximum value is 8. Does this really mean that anything above 8 is ignored?
This is quite a usability issue.
login/min_password_lng = 8
login/min_password_digits = 1
login/min_password_letters =1
login/min_password_specials = 1

>
Vito Fava wrote:
> Profile Parameters Attributes for login/min_password_lng tells that minimum value is 3 and maximum value is 8. Does this really mean that anything above 8 is ignored?
Hi Vito,
no.
This parameter sets only the minimum password length. It has no influence on the verification of input values after the 8th character.
From 7.00 on, the password can be longer than 8 characters. So up to 6.40 the maximum value of this parameter is 8, as the password cannot be longer. From 7.00 on, the max-value for this parameter is 40.
If you are on 7.00 and any input after the 8th character is ignored when logging on, you have set the parameter login/password_downwards_compatibility accordingly to 3,4,or 5 (5 is the most common).
b.rgds, Bernhard

SPM login Error

Hi there!!!
I need your help folks, this is the problem, when i try to logon with the Firefighter ID using the "/virsa/vfat " tcode, i get this message " login/min_password_* is too big", i reviewed the profile parameters (login) at SA38 (RSPARAM) report and looks right.
these are the profile parameters mentioned on error message 01414
Login/min_password_lng
Login/min_password_digits
Login/min_password_letters
Login/min_password_specials
and these are the values on my PRD
Login/min_password_lng=(empty, default value/6)
Login/min_password_digits=3
Login/min_password_letters=5
Login/min_password_specials=(empty, default value/0)
I think these values are according to SAP best practices.
This problem occurs only in PRD, i got the same profile parameters in Develop and works just fine
Thanks in advance
Cuauh!!!

Hi
what is the SAP version 4.7 or 6.0. if the sap version is 6.0, no need to maintain the password in Security tab on the fire fighter table.
user type should "Service"
Regards,
Arjuna

User locking at login failure

I have set for user locking 30 minutes after 6 fail attempts, in both password and question logins. Anyway, I realize that there are 2 different treatments as below:
1. when user fails to login with password after n times, user is locked for 30 minutes. User is unlocked correctly after 30 minutes.
2. when user fails to login with questions after n times, user is locked for good!
I don't understand why IdM treats both cases differently. Does anyone know how to treat the 2nd case just like the 1st case above?

Hi,
// check whether the user belongs to particular role
IWDClientUser wduser = WDClientUser.getCurrentUser();
IUser user= wduser.getSAPUser();
IUserAccount userAcc=usr.getUserAccounts()[0];
if(userACC.isMemberOfRole("",true)){
//check
For ref:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/security-and-identity-management/p-r/protecting%20access%20to%20the%20web%20dynpro%20car%20rental%20application%20using%20ume%20permissions.pdf
Regards,
Naga

This system does not let you log on using a password

hi all, i am very new to sap basis. i have changed the below profile parameters in RZ10.
login/min_password_length=3
login/min_password_lowercase=1
login/min_password_uppercase=1
login/min_password_digits=2
login/min_password_specials=1
after changing values i restarted the Instance. But the problem is when i am trying to login to the system it is showing an error message : "This system does not let you log on using a password". I know why this error occurs...
but how to resolve this error? plz Help.
Thanks in advance

login/min_password_length=3
login/min_password_lowercase=1
login/min_password_uppercase=1
login/min_password_digits=2
login/min_password_specials=1
The correct parameter for Min password Lenght is login/min_password_lng.
You can change this at OS level restart and see how it goes...
Regards
Juan

User is locked in R/3 but still access the application through portal

We are currently on NW2004s SP10 .
We locked the User A in R/3 SRM backend system and from Enterprise Portal the same User A login and try to access the SRM application in backend . The system is allowing to access which we want to prevent .
The authentication ticket type is "SAP Logon Ticket" . The User A is trying to access ITS services through Portal.
Do we have specific SSO parameter which needs to set in backend SRM application .
Thanks
Chandrashekhar K

Hi
We have maintained the following profile parameter for SSO in our SRM system . From portal we are accessing the SRM system
login/accept_sso2_ticket          1
login/certificate_request_ca_url     https://tcs.mySAP.com/invoke/tc/usercert
login/certificate_request_subject     CN=&UNAME, OU=&WPOU, O=mySAP.com User, C=DE
login/create_sso2_ticket          0
login/disable_cpic               0
login/disable_multi_gui_login          0
login/disable_multi_rfc_login          0
login/disable_password_logon          0
login/failed_user_auto_unlock          0
login/fails_to_session_end          3
login/fails_to_user_lock          3
login/isolate_rfc_system_calls          0
login/min_password_diff               1
login/min_password_digits          0
login/min_password_letters          0
login/min_password_lng               6
login/min_password_specials          0
login/multi_login_users               HP
login/no_automatic_user_sapstar          1
login/password_change_for_SSO          0
login/password_charset               1
login/password_expiration_time          60
login/password_logon_usergroup
login/password_max_new_valid          0
login/password_max_reset_valid          0
login/system_client               400
login/ticket_expiration_time          60
login/ticket_only_by_https          0
login/ticket_only_to_host          0
login/ticketcache_entries_max          1000
login/ticketcache_off               0
login/update_logon_timestamp          m
Please suggest as to change any parameter value . We want to restrict the user to access SRM system from portal if he is locked int e SRM system.
Thanks

Security Parameter Problem in SAP ECC 6.0

Hi eveyone,
We have just activated the profile parameters written below in our new
SAP ECC 6.0 system.
login/min_password_lng = 6
login/min_password_digits = 1
login/min_password_letters = 1
login/fails_to_user_lock = 10
login/fails_to_session_end = 5
login/password_expiration_time = 90
We have tried to logon the system as DDIC, the system wanted a new
password. We have changed the password many times more than 5 times.
But when we try to give the old password, it still says that "The
password must be different from your last 5 passwords".
The problem goes on, even you inactivate the parameters in the profile
and restart the SAP.
How can we solve this problem?

Hi everyone,
I want active the profile parameter login/min_password_digits = 1 and
login/min_password_letters = 1 by RZ10. The system give the message:
E login/min_password_digits is not identified identically on all servers.
I changed this parameter on all servers but this message was always there.
Is it OK after restart system?
Best regards
Valachova Miroslava

Question - Login/min_password_digits to 1

Similar Messages

Maybe you are looking for