SAP Logon & Password Profile Parameters

Posted by — March 6, 2011 in SAP SECURITY Leave a reply

To display the documentation for one of the parameters, go to transaction code RZ10, specify the parameter name, and choose Display. On the following screen, choose the Documentation pushbutton. To make the parameters globally effective in an SAP system (system profile parameters), set them in the default system profile DEFAULT.PFL. However, to make them instance-specific, you must set them in the profiles of each application server in your SAP system.

Password Checks

• login/min_password_lng : Defines the minimum length of the password.

• login/min_password_digits : Defines the minimum number of digits (0-9) in passwords.

• login/min_password_letters : Defines the minimum number of letters (A-Z) in passwords.

• login/min_password_specials : Defines the minimum number of special characters in the password.

• login/password_charset : This parameter defines the characters of which a password can consist.

• login/password_expiration_time : Defines the validity period of passwords in days.

• login/password_change_for_SSO : If the user logs on with Single Sign-On, checks whether the user must change his or her password.

• login/disable_password_logon : Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket).

• login/password_logon_usergroup : Controls the deactivation of password-based logon for user groups.

Multiple Logon

• login/disable_multi_gui_login : Controls the deactivation of multiple dialog logons.

• login/multi_login_users : List of excepted users, that is, the users that are permitted to log on to the system more than once.

Incorrect Logon

• login/fails_to_session_end : Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock.

• login/fails_to_user_lock : Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight.

• login/failed_user_auto_unlock : Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight.

Initial Password: Limited Validity

• login/password_max_new_valid : Defines the validity period of passwords for newly created users.

• login/password_max_reset_valid : Defines the validity period of reset passwords.

SSO Logon Ticket

• login/accept_sso2_ticket : Allows or locks the logon using SSO ticket.

• login/create_sso2_ticket : Allows the creation of SSO tickets.

• login/ticket_expiration_time : Defines the validity period of an SSO ticket.

• login/ticket_only_by_https : The logon ticket is only transferred using HTTP(S).

• login/ticket_only_to_host : When logging on over HTTP(S), sends the ticket only to the server that created the ticket.

Other Login Parameters

• login/disable_cpic : Refuse inbound connections of type CPIC

• login/no_automatic_user_sapstar : Controls the emergency user SAP*

• login/system_client : Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.

• login/update_logon_timestamp : Specifies the exactness of the logon timestamp.

Other User Parameters

• rdisp/gui_auto_logout : Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections).

You May Also Like

SAML2: Format ’emailAddress’ is not supported for user assignment

Internal error – NUMBER_GET_NEXT call error (SU01)

SNCCONFIG: Displaying the SNC Configuration for Application Server ABAP

How to mass update the SNC Name/Canonical Name of SAP User

Leave a Reply?