SAP Passwords
Dear All,
I' currently writing some perl scripts to integrate user management in SAP with our other systems.
Currently when you change a users password, it always prompts you to re-enter a new pwd.
Is there a profile parameter at all to switch this prompt off at all, so when you change a pwd in su01, the user keeps that password.
If thats makes sense at all.......
Many thanks
Regards
James
Hi James,
Yes it's possible but not via standard SAP programs.
Basically you should ask your developers / or develop yourself the program that would use batch input functions to update table USR02 with a new password. In order to set the password as permanent, date and time fields of USR02 should contain a valid data (not NULL). Here is the sample script on how to set TRDAT and LTIME so that the password wouldn't be treated as initial :
UPDATE USR02
SET TRDAT = SY-DATUM
LTIME = SY-UZEIT
WHERE BNAME = iTABLE-BNAME
Regards,
Mike
Similar Messages
-
Problems with the sap* password
Hi,
i have a problem with the sap* password.
I tried my masterpassword but it did not work.
So i tired the following from the Tread: Password problem with user DDIC
resetting password for sap*
sqlplus "/as sysdba"
sql> update sapsr3.usr02 set bname='SAP1' where bname='SAP' and MANDT=000;
sql> commit;
Bud it did not work. After i tried to delete the sap*1 from the table sapsr3.usr02 but it did not work.
sql>delete from sapsr3.usr02 where mandt='000' and bname = 'SAP*1';
I also restarted the instance after the commands. But i can not logon with 'sap*' and the password 'pass' .
Mybe someone can help me?
Regards
MikeStarting with release 7.00 based system you have to set
login/no_automatic_user_sapstart=0
in your instance profile and restart the instance.
Markus -
How to have SAP password sync with Windows AD password
Hi All,
Can someone guide me with the setup required to have the SAP password to be in sync with the Windows Active Directory password?
Thanks
VijayHello Vijay,
UME means User Management Engine which provides central user administration for all
Java applications. The UME is used as the default user store as of SAP Web Application
Server 6.40. The UME is integrated into SAP Web Application Server Java as a service.
The UME itself administers users and uses databases, directory services, or the
SAP ABAP user administration to store the data. With newer versions of SAP Web Application
Server, the UME is set as the default user store.
SAP recommends that, as of SAP Web Application Server Java
6.40, you use the UME, which is preconfigured by default during the
installation, as the user store.
The UME has its own user management administration console for
administering users. It allows to perform the routine tasks
of user administration, such as creating users and groups, role assignment,
and other actions.
The UME provides different self-service scenarios that can be used by
applications. For example, a user can change his or her data, or register as a
new user.
Security settings can be used to define minimum
password length and the number of incorrect logon attempts before a user is
locked etc
The UME logs unsuccessful logons,incorrect logon attempts,changes to user data etc
Hope this satisfies your querry to some extent.
Pl dont forget to award points if resolved.
Regards -
Default sap* password for new client copy ?
Hi Basis Expert,
What is the default password for sap*, i have create new client with SCC4 and i tried to login but failed.
please advise what is the default password for sap*.
i am using Netweaver 7.0 SP16.
Thank you and best regards
FernandHi!
If you followed the procedure, you should have set the profile parameter login/no_automatic_user_sapstar to 0 and restarted application server. After that you can login using SAP* and password PASS. -
Push SAP passwords to all child systems
Hi,
I use IDM 8.0 to connect a CUA.
Has anybody been able to push IDM password to CUA and all child systems (ECC, BI, SAP Portal, Solution Manager...) ?
I can only change password on the CUA but not on the child systems the users have access to.
When I change a user password in IDM, I can see in SAP logs that the password is changed in the CUA (if the user has access to the CUA, which is not the case for all the users) but instead of changing the user password in the child systems it only try to unlock it (which is useless).
Any help ?
Thanks,
BenFor your information, looks like it was a bug corrected in IdM 8.0 patch 8.
I didn't try it so I can't confirm it works now.
Ben -
Hi,
does a BAPI exists, that creates me the hash-value out of an entered plaintext password?
Am I am right, that the plaintext password for SAP-users is stored in table USR02 as a hash-value (field passcode)?
So my requirement is similar the requirement for user authentification, I want to create store the entered password in an transparent table and nobody should be able to recreate the plaintext out of the hash-value.
Many thanks for your help,
ChristophHang on a moment here... this will only fool an enduser, and not all of them either...
You should consider that anyone who can display your algorithm in the function can work out how to reverse the hash.
Also, even if you hide it, someone who can obtain the hashes can call your function from their own program and try to reproduce it using a dictionary attack (sooner or later it will match some cleartext string).
This is why SAP´s function is in the kernel, has a protected call stack (only to be called from known programs) and the hashes now have client specific attributes to them (code version F) and salted-hashes (code version H).
Cheers,
Julius -
Problem wuth sap* password in client 066
Hi,
I have jsut finish to install solution manger 4 on linux and i'm doing the post installation opération.
I have try to connect in client 000 and 001 with sap* and ddic and all is ok.
But with the client 066 i can't login with sap* ( i have enter the master password but nothing)...
like i can connect with this user i conected on this client (066) with user EarlyWatch/support.
i can launch the se16/usr02 and the 2 only user on this client are sap* and EarlyWatch....and i can't do the su01 transaction for unlock and give a password to sap*....
I have seen that with Brtool i can modifie a password but ihave never done this opération before and i wanted to knwo if the information in this link are good ( according to you)
http://fdf.cod.free.fr/screen1.JPG
http://fdf.cod.free.fr/screen2.JPG
If i accept to Continue with the brtool does sap* will be modifie with the password and more important does sap* will be unloked?
thx for any help.
Edited by: Fabrice BABY on Mar 13, 2008 4:13 PMHello Fabrice,
>> I have try to connect in client 000 and 001 with sap* and ddic and all is ok.
That is ok.
>> But with the client 066 i can't login with sap* ( i have enter the master password but nothing)...
That is ok, too. Please refer to the following documentation:
http://help.sap.com/saphelp_nw04/helpdata/en/52/671785439b11d1896f0000e8322d00/content.htm
Clients 000, 001 and 066 are created when your SAP System is installed. Two special users are defined in clients 000 and 001. Since these users have standard names and standard passwords, you must secure them against unauthorized use by outsiders who know of their existence.
Note that no special user is created in client 066
>> I have seen that with Brtool i can modifie a password but ihave never done this opération before
You can modify the password of the database users with the brtools ... not for SAP*.
Please refer to the following documentation:
http://help.sap.com/saphelp_nw70/helpdata/en/4f/c3883989676778e10000000a11402f/content.htm
Regards
Stefan -
Hi all!
I just created a new client in scc4 on my solman system.
When I try to login with sap* to do the client copy, I can´t.
I tried with the following passwords:
- pass
- 06071992
- 19920706
Any idea?
Greetings,
Wadih SaadPlease do these steps
1) Activate sap* user by adding profile parameter login/no_automatic_user_sapstar to 0 and restarting application server.
2) Now login to new client with sap* and PASS
Thanks
Prince Jose -
N4S Test Drive SAP* Password in New Client
I've just installed the N4S Test Drive, and created a new client to explore in. However, I can't log into that client as SAP* with the same default password used to log into client 001.
I've also tried the original date password, but without success - does anyone know what I should be using?
Many thanks.Hi,
first create following parameter in instance profile using RZ10,
login/no_automatic_user_sapstar -> 0
save and activate profile.
restart sap server.
now login with SAP* and password
regards,
kaushal -
hello,
sap* account has been locked for client 000 after entering wrong password couple of times in ecc6. can anyone show me the way to unlock the sap* account?
thanks,
abhijitHi Jadesja,
Since you did not mention the database type, below i am listing the methods to follow for both SQL & Oracle
MSSQL
u2022 Logon to database server as <sidadm> in D_WDF_R3 domain
u2022 invoke: Start --> Programs --> Microsoft SQL Server --> Query Analyzer
u2022 enter: SQL server : u2018.u2019 means current server connect using : Windows authentication
u2022 choose needed DB instance in selection field Now you're able to execute SQL statements:
u2022 To view the entries of the "sap" user type in the following command: select MANDT, BNAME, UFLAG from <db_schema>.USR02 where MANDT=000 and BNAME='SAP' (maybe you have to change "mandt" to your client; <db-user> is case sensitive)
u2022 To simply unlock SAP* in client 000, without having to delete it: update <db_schema>.USR02 set UFLAG=0 where BNAME='SAP*' and MANDT=000
u2022 execute --> press F5
u2022 close Query Analyzer
ORACLE >= 9.x
u2022 Logon to database server and switch to ora<SID> user (e.g. oraalr) under UNIX (<sidadm> under Windows). Under Windows check correct settings of environment (ORASID, ...). Start the database server manager with the command: sqlplus "/as sysdba" Now you're able to execute SQL statements:
u2022 to view the entries of the "sap" user type in following command: select MANDT, BNAME, UFLAG from <db_schema>.USR02 where MANDT='000' and BNAME='SAP'; (maybe you have to change "mandt" to your client)
u2022 To simply unlock SAP* in client 000, without having to delete it: update <db_schema>.USR02 set UFLAG=0 where BNAME='SAP*' and MANDT=u2019000u2019;
u2022 exit -> exit the server manager
Regards
Sekhar -
Company password compliance by using SAP password paremeters
Hello,
I have a small issue getting our SAP system in compliance with our IT password guidelines. Some items are easily synced by the change of a value in a particular parameter, however several will not work for me. Those guidelines that do not work belong to SAP ids' such as DDIC and SAP* and a few others. These IDs' I do not want to expire due to the impact they will have on the system.
Can anyone offer advice on what could I use? Also, is anyone using the "Login/password_login_usergroup" parameter? If so, please explain.
Thank you in advance!
Edited by: Keith Hatcher on May 4, 2011 10:10 AMHi Kumar,
Try then to import the Portal certificate into your R/3 System.
Proceed as follow :
1) in the Portal
GoTo System Administration -> System Config -> Keystore Admin
Tab : Content, select in combo box "SAPLogonTicketKeypaiur-cert" and click on "Download verify.der File"
2) unzip the verify.der.zip file to have the verfy.der available
3) in the R/3 system :
launch transaction /nSTrustSSO2
select System PSE
in the middle frame, import the EP certificate you just export
then click on "Add to certificate List"
Save
And try again
Hope this help
Vincent
P.S. Do not hesitate to reword points for ANY helpfull answer. -
SAP Password Reset for user opted system / client
Hello, we have a requirement where the user will log on using LDAP and go to the portal and from the web page opt to reset the system and client where he/she wants to reset to his specified password using CUA. This is similar to as specified in
www.microsoft-sap.com/pdf/Password_Reset.pdf
Problem is : Is there a way to reset the corresponding (non production) systems password as done in SU01 through abap. creating a bdc recording of su01 and running does not seem to work. Nor does SUSR_USER_CHANGE_PASSWORD_RFC as the user does not know his current password. Any solution / way out by BAPI calls (maybe) along with their sequence info would be appreciated.Surpreet,
I tried that. But this happens : The function executes successfully with status 0 and message as User xxxx has been changed but when that user tries to logon with that password then it fails meaning it really did not change . This happens for all destination systems other than current logon system.
Question: is there another process to synchronize the change or commit i have to run/ call. I thought SAP took care of it automatically. -
Hi,
I wanted to check the password of the login created using SU01. Please let me know if any RFCs are there for this.
Thanks,
SrikanthHi,
Thanks. But when i pass the login name and password to the RFC, it says Name or Password is incorrect.
But i am able to login into the system using the same user name and password.
Regards,
Srikanth -
Initial password for SAP* in SAP NetWeaver 2004s ABAP Edition
Hello,
I have just installed the SAP NetWeaver 2004s ABAP Edition on my PC and I want to setup some new clients to simulate an ALE model.
Does anyone know the initial password for SAP* ?
I have already tried PASS and pass because I know it is case -sensitive now but it did not work.
Thanks a lot.
Wim Van den WyngaertHi,
initial SAP* password is 06071992
DDIC is 19920706 -
Change SAP BI Password from BO Client Tools / Infoview, SAP Authentication
Hi,
We are using SAP BI BO Integration Kit (BO XI 3.1, SAP BI 7.0) & able to use SAP BI Queries with WebI, Xcelsius etc.
For a user group, we would be providing only Infoview access (using SAP Authentication). This means we would not want to install any BO Client Tools, SAP GUI or SAP Integration Kit Client, on user desktop.
We are faced with a issue - How does the user change password from Infoview (this is an SAP BI User ID used to login from Infoview).
Initial Password of SAP BI User cannot be changed from Infoview, since it doesnot prompt for changing the Initial Password.
Any ideas how to handle this situation.
regards,
Rajesh K SarinHi Erwin,
no. Also within BI4 you are not able to change your SAP password.
The Workaroung of Ingo is very suitable using SAP GUI for HTML.
You can vote this idea on idea place:
https://ideaplace.brightidea.com/ct/ct_a_view_idea.bix?c=BB5523E4-062F-4420-B35F-0B1F0D4769A9&idea_id=CBAD2E43-C21E-4809-A0B0-CFD3B9551A41#
Regards
-Seb.
Maybe you are looking for
-
My iPad has froze. How do I unfreeze my iPad?
-
OMG! Okay, sorry I have Vista, but Apple stop with the terrible updates!
I just updated to iTunes 9, now every time I go to play a video, TV show or movie, iTunes crashes and stops working. It plays music just fine but nothing video. I also can't see the video previews in the iTunes store. The window stays black. Anyone h
-
SMS Problems with portuguese special caracters
I´ve recently installed the upgrade for ios 6, I became aware that when I use portuguese special caracters(i.e. ç ã á..etc) in an SMS message the system splits into two messages. Does anyone know if there is a solution for this problem?
-
computer crashed and when I re-loaded Thunderbird it asked me to set up an account or use existing account so I said use existing account so know I receive E-mails in both accounts. If I delete one will it delete both with that account name?
-
OS: Windows XP Professional ColdFusion: 8 Developers DB: SQL Server 2005 This CFCHART page used to be working fine, but after formatting the hard drive and reinstalling the OS, CFCHART is not working any more without any change on code. All other Col