ECC 6.0 Password Case Sensitive Parameter

Former Member · ‎06-20-2007

In ECC 6.0 the new password setting is case sensitive and I require to change this parameter to not require case Sensitive the same as the current 4.6C till after our upgrade. We will be using the case sensitive feature when we upgrade the BW systems as a separate project.

Which parameters should be set and the value?

Message was edited by:

Leslie J Tighe

Message was edited by:

Leslie J Tighe

Former Member · ‎06-20-2007

Leslie,

login/password_downwards_compatibility

You may need setting 1. Which has no case-sensitivity and 8 characters.

Gerlinde Zibulski an SAP Employee has an informative blog with detailed info:

/people/sap.user72/blog/2005/10/19/attention-security-administrators-new-password-rules-are-on-their-way

Cheers,

Ben

Former Member · ‎06-20-2007

I tried the value of one in that parameter and it still reviewed by new password as case sensitive..Is there another parameter I should be setting..

manohar_kappala2 · ‎06-21-2007

Hi,

Try with value 5 for the same parameter "login/password_downwards_compatibility" it should now allow u to only use the non case sensitive passwords.

If you want both to work then u can use 3.

Let me know if this works

Manohar

Message was edited by:

Manohar Kappala

former_member403242 · ‎06-27-2007

I got same situation. I upgrade 46c to Ecc6.0. I can only logon with DDIC at client000. All user's account cannot logon. Same error message that is 'Name or Password is not correct'. As you suggestion, I change that parameter to 5. User still cannot logon.

WolfgangJanzen · ‎07-02-2007

@ Amy Xie:

Sorry, but that's not correct.

All users can logon after a system upgrade (reason: in their user master record it is stated that their password is encoded with an older password "code version").

I assume that those users have changed their password and are now trying to logon with the new password w/o knowing that this new password is now case-sensitive. When using a different client than SAPGUI it is possible that the client / middle-ware component is (silently) modifying the entered password (e.g. by converting all entered lower case characters to upper case characters) - see <a href="https://service.sap.com/sap/support/notes/1023437">SAP Note 1023437</a>

Regards, Wolfgang

WolfgangJanzen · ‎07-02-2007

Please have a kind look on <a href="https://service.sap.com/sap/support/notes/1023437">SAP Note 1023437</a> which tries to provide some background information.

<u>Notice</u>: login/password_downwards_compatibility = 5 only has an impact on the creation of new passwords. It does not impact existing passwords / accounts; only when the user (or the admin) is assigning a new password, it will be evaluated.

For the very same reason the logon UIs will always (have to) allow to enter passwords which exceed the (former) boundary of 8 characters - even if login/password_downwards_compatibility = 5. That profile parameter might only have a "visible" impact (UI relevant) for the input fields of the "new password" - but never for the "old / current password".

Regards, Wolfgang

PS: for SYSTEM / SERVICE users whose logon data might be stored in some (remote) RFC destinations, it is always <u>possible</u> to assign a downwards-compatible password in an ABAP 7.0 system (aka ECC 6.0 aka NW 2004s) - even if the current password policy would enforce the usage of downwards-incompatible passwords (see info button in SU01 which occurs when assigning a downwards-incompatible password).