Parameter
login/disable_password_logon
Short text
Deactivate password-based logon
Parameter Description
There are several types of user authentication:
• Using password (conventional logon)
• Using an external security product (SNC)
• Using an X.509 browser certificate (intranet/Internet)
• Using a Workplace Single Sign-On (SSO) ticket
The default logon method is password user authentication. When using other types of authentication methods (see above), you may want to deactivate the password-based logon option (login/disable_password_logon).
Caution
Only deactivate password-based logon, when you are sure that all users can log on using another method (using SNC, X.509, or SSO ticket).
Application Area
Logon
Default Value
0 (password-based logon is possible)
Who is permitted to make changes?
Customer
Operating System Restrictions
None
Database System Restrictions
None
Are other parameters affected or dependent?
login/password_logon_usergroup Users in this group can still log on using a password.
snc/enable
• snc/accept_insecure_gui SNC dialog logon
• snc/accept_insecure_rfc SNC-secure RFC logon
• snc/accept_insecure_cpic SNC-secure CPIC logon
• snc/extid_login_diag X.509 dialog logon
• snc/extid_login_rfc X.509 RFC logon
• login/accept_sso2_ticket SAP logon ticket
login/fails_to_user_lock Incorrect password logons
login/failed_user_auto_unlock
login/password_change_waittime Password changes
login/password_expiration_time
login/password_change_for_SSO
login/password_history_size
login/password_max_idle_initial Validity period of
login/password_max_idle_productive Passwords
Values allowed
0 / 1 / 2
Value 0
Password logon is possible (exception: SNC required)
Value 1
Password logon only for users of the group specified by login/password_logon_usergroup
Value 2
Password logon is no longer possible in general
Note
This profile parameter is server-specific; this means server instances can have different parameter values.
