Skip to Content
avatar image
Former Member

Sap Logon password Length

Hi All,

In ECC6.0 when a user is setup there is a option which says password needs to be > 6. But there is no restriction on the max length .

We would like to restrict the password length to 8.

When initially user created basis sets it to 8 chars in length.

User can always click on new password and change password. When he does that and clicks on enter I wuld like to check the length of the new pwd and error a message if password > 8.

Could anyone help me in this as to how to go about it.

for logon screen there is only one user exit.. can i check it here? i do not know which is the table of structure the values are stored .

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    Aug 20, 2007 at 08:09 AM

    Why do you want to restrict the password length?

    There can only be one reason: you have older systems in your landscape which do not support passwords which contain more than 8 characters and you want to synchronize the passwords across all systems.

    Well, such an approach is subject to failure for multiple reasons:

    1. restricting the passwords to 8 characters is not sufficient; length-restricted passwords can still contain lower-case characters and therefore be downwards-incompatible (see SAP" target="_blank">https://service.sap.com/sap/support/notes/1023437">SAP Note 1023437)

    2. password policies (including: password history) are system-specific; passwords which are accepted by one system might be rejected by another one; some systems might be unavailable at the point of time the password change was performed; they will run out of synch; even if all systems are available, the synchronization itself takes some time; during that time password-based logon requests will fail potentially resulting in a password lock (all that is described in SAP" target="_blank">https://service.sap.com/sap/support/notes/376856">SAP Note 376856).

    As explained in SAP" target="_blank">https://service.sap.com/sap/support/notes/1023437">SAP Note 1023437 it is possible to instruct an NWAS ABAP to create only downwards-compatible passwords (starting from the moment when passwords are changed / set while profile parameter login/password_downwards_compatibility is set to value 5). This then effects the UIs where you can enter new passwords - but not the ones where you enter the old password (since the old password might have been set / changed while login/password_downwards_compatibility < 5); that's at least true for the SAPGUI logon and for web-based access when using the "System Logon" (see SAP" target="_blank">https://service.sap.com/sap/support/notes/978885">SAP Note 978885).

    Cheers, Wolfgang

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 16, 2007 at 03:03 PM

    You can use parameter login/password_downwards_compatibility to force max 8 char passwords.

    Read the following blog for more info on password related parameters: https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2574. [original link is broken] [original link is broken] [original link is broken]

    Keep in mind when changing the compatibility parameter for shorter passwords it's may change how the hash values work along with other password related issues.

    Cheers,

    Ben

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 16, 2007 at 11:25 AM

    I think for this you need help from an ABAP developer, the question may be better in the 'ABAP Development forum'.

    However as this is not supplied by SAP and is not required from an Audit point of view, can i ask why you require this functionality. I think if it is not available we have to question our intentions to some intent, without saying it is incorrect as there are lots of valid reasons for user exits etc.

    Hope this helps.

    Regards

    Ashley

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      No problem, so its an organizational policy which is understandable as you say consistency does away with any ambiguity.

      I would suggest you talk with an ABAP Developer to identify a User Exit or similar solution to your issue. Otherwise i am not aware of a solution available for this issue.

      Sorry i could not help more.

      Regards

      Ashley

  • avatar image
    Former Member
    Aug 16, 2007 at 03:35 PM

    Hello ,

    I think like this..your purpose will solve...

    In RZ11....login/min_password_lng

    Here it has some minimum and maximum passwd length..put your required max pass length...

    The tables related..to users..are..

    All user info. USR02

    All user passwd restrictions USR40

    User Profiles USR10

    User Authorizations USR12

    User history tables USH02

    List of All Tables DD02L

    I hope this information will help you...!!

    Note: Points always encourage me to reply !!

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 17, 2007 at 04:56 AM

    Hello,

    You want that user must enter the 8 length password. right??

    if it is so then set the login/min_password_lng to 8 and u r problem solved.

    Regards,

    kamlesh

    Add comment
    10|10000 characters needed characters exceeded