login/ password_downwards_compatibility

Posted by — January 19, 2015 in SAP PARAMETER Leave a reply

Parameter

login/password_downwards_compatibility

Short text

Backward Compatibility of Passwords

Parameter Description

As of SAP NetWeaver (SAP_BASIS) 7.0, the system supports logon with passwords that can consist of up to 40 characters (previously: 8), and which are case-sensitive (previously, the system automatically converted from lowercase to uppercase letters). It is also possible to use any Unicode characters.

Unfortunately, this change is not backward compatible. The passwords are stored as hash values that are not backward compatible. If you are using this system together with other systems that only support backward compatible password hash values, you need to react appropriately.

The values of this profile parameter specify the desired behavior (default value = 1):

• 0 : No backward compatibility; the system only generates new password hash values (which are not backward compatible).

• 1 : The system also generates backward compatible password hash values internally, but does not evaluate these for logons (to the local system) with passwords; this setting is necessary if this system is used as a central system of a Central User Administration, and systems that only support backward compatible password hash values are connected to the system group.

• 2: The system also generates backward compatible password hash values internally and evaluates these if a logon with a password that is not backward compatible fails, to check whether the logon with the backward compatible password (truncated after 8 characters and converted to uppercase letters) would have been accepted. This is logged in the system log; the logon fails. (This setting identifies backward incompatibility problems.)

• 3 : As with 2, but the logon is regarded as successful (avoidance of backward incompatibility problems).

• 4 : As with 3, but no system log entry is written.

• 5 : System only issues backward compatible passwords hash values.

Application Area

Logon

Default Value

1 (Latent backward compatibility)

Are other parameters affected or dependent?

• login/password_charset
• login/min_password_lng
• login/min_password_diff
• login/min_password_digits
• login/min_password_letters
• login/min_password_specials
• login/min_password_lowercase
• login/min_password_uppercase
• login/password_compliance_to_current_policy

Values allowed

0, 1, 2, 3, 4, 5

You May Also Like

jstartup/shutdown_timeout : Timeout for the jstart controller process to wait for shutdown of child processes

jstartup/security_level : Security level for jcontrol

jstartup/sdm_properties : Path to SDM properties file

jstartup/recorder : Flight recorder configuration

Leave a Reply?