SAP user cannot enter password more than 8 characters

Posted by — November 24, 2012 in SAP SECURITY Leave a reply

Symptom

You cannot enter password more than 8 characters even you had set the parameter login/min_password_lng > 8.

Caused

• Older ABAP systems (before kernel release 7.0) can only process passwords that consist of a maximum of 8 characters, and lower-case characters that are entered are automatically converted to upper-case.

• Newer ABAP systems (as of kernel release 7.0) allow the use of passwords that can consist of up to 40 characters, and any characters can be used, and the passwords are case-sensitive. In non-Unicode systems, however, that a user might not be able to enter a password assigned by a user administrator due to different code pages (depending on the logon language). In this case, we recommend that you use only ASCII characters. This is taken into account in the generation of passwords.

• A password that contains more than eight characters or at least one lower-case letter (note that lower-case letters entered in newer systems are no longer automatically converted into upper-case) is not backward compatible:

• If a communication connection is created from an older system to a newer system for which a password logon is to be performed, problems occur if you do not are not using backward compatible passwords.

Solution

1. Ensure the parameter login/min_password_lng is set to more than 8.

2. Set the parameter login/password_downwards_compatibility to 0.

Note

• If the parameter value is 0:
The password rules apply without exception for all useres; the password rules force the assignment of backward incompatible passwords, meaning that service and system users are also affected.

• If the parameter value is 1 (default setting) to 4:
(Contrary to the password rules), you can also assign backward compatible passwords for service and system users. The password rules apply without exception for other user types, however.

• If the parameter value is 5:
Only backward compatible passwords are issued in general (that is, for all users)

• If the password rules are diluted (for service/system users), so that the assignment of backward compatible passwords is possible, this is done in the following way:

– The profile parameters login/min_password_lowercase and login/min_password_uppercase are ignored
– The maximum values of profile parameter login/min_password_lng, login/min_password_digits, login/min_password_letters and login/min_password_specials are reduced to the value 8; if the parameters are set to higher values, the value 8 is used as the effective parameter value.
– The same applies if the parameter login/password_downwards_compatibility is set to the value 5.

You May Also Like

SAML2: Format ’emailAddress’ is not supported for user assignment

Internal error – NUMBER_GET_NEXT call error (SU01)

SNCCONFIG: Displaying the SNC Configuration for Application Server ABAP

How to mass update the SNC Name/Canonical Name of SAP User

Leave a Reply?