SAP Profile Parameter For Logon and Password

Profile Parameters for Logon and Password (Login Parameters) (SAP Library - Identity Mana... https://help.sap.com/saphelp_snc70/helpdata/EN/22/41c43ac23cef2fe10000000a114084/content...
Profile Parameters for Logon and Password (Login

Parameters)
The following table presents the profile parameters with which you can set password and logon rules. These profile
parameters define the minimum requirements for passwords, for example, that the password must contain at least three
special characters. You cannot set upper limits for password rules. For example, in accordance with the usual password rules,
the users can enter any number of special characters. For information about the procedure for changing profile parameters,
see Changing and Switching Profile Parameters.
To make the parameters globally effective in an SAP system (system profile parameters), set them in the
default system profile DEFAULT.PFL. However, to make them instance-specific, you must set them in the
profiles of each application server in your SAP system.
To display the documentation for one of the parameters, choose Tools → CCMS → Configuration → Profile Maintenance
(transaction RZ10), specify the parameter name, and choose Display. On the following screen, choose the Documentation
pushbutton.
Password Rules
Parameter Explanation
login/min_password_lng Defines the minimum length of the password.
Default value: 6; permissible values: 3 – 40
Until SAP NetWeaver 6.40 (inclusive), up to 8 characters.
login/min_password_digits Defines the minimum number of digits (0-9) in passwords.
Available as of SAP Web AS 6.10 (Until SAP NetWeaver
6.40 (inclusive), up to 8 characters.)
login/min_password_letters Defines the minimum number of letters (A-Z) in
passwords.
1 of 9 4/10/2020, 3:28 PM

login/min_password_lowercase Specifies how many characters in lower-case letters a
password must contain. Permissible values: 0 – 40;
default value 0
Available after SAP NetWeaver 6.40
login/min_password_uppercase Specifies how many characters in upper-case letters a
password must contain. Permissible values: 0 – 40;
default value 0
login/min_password_specials Defines the minimum number of special characters in the
password Permissible special characters are, in particular,
!"@ $%&/()=?'`*+~#-_.,;:{[]}\<>| and space and the grave
accent.
After SAP NetWeaver 6.40, all characters that are not
letters or digits are regarded as special characters.
login/password_charset This parameter defines the characters of which a
password can consist.
Permissible values:
● 0 (restrictive): The password can only consist of
digits, letters, and the following (ASCII) special
characters: !"@ $%&/()=?’*+~#-_.,;:{[]}\<>│ and
space and the grave accent.
● 1 (backward compatible, default value): The
password can consist of any characters including
national special characters (such as ä, ç, ß from
2 of 9 4/10/2020, 3:28 PM
ISO Latin-1, 8859-1). However, all characters that

are not contained in the set above (for value = 0)
are mapped to the same special character, and the
system therefore does not differentiate between
them.
● 2 (not backward compatible): The password can
consist of any characters. It is converted internally
into the Unicode format UTF-8. If your system does
not support Unicode, you may not be able to enter
all characters on the logon screen. This restriction is
limited by the code page specified by the system
language.
With login/password_charset = 2, passwords are

stored in a format that systems with older kernels cannot
interpret. You must therefore only set the profile
parameter to the value 2 after you have ensured that all
systems involved support the new password coding.
Available in the standard system as of SAP Web AS 6.40.
Password Logon
login/password_compliance_to_current_policy Permissible values: 0 – no check; 1 – the system
checks during password logon whether the current
password complies with the current password rules
and forces a password change if this is not the
case.
Default value: 0
3 of 9 4/10/2020, 3:28 PM
login/disable_password_logon Controls the deactivation of password-based logon

This means that the user can no longer log on
using a password, but only with Single Sign-On
variants (X.509 certificate, logon ticket). More
information: Logon Data Tab Page
Available as of SAP Web AS 6.10, as of SAP Basis
4.6 by Support Package
login/password_logon_usergroup Controls the deactivation of password-based logon
for user groups
Available as of SAP Web AS 6.10, as of SAP Basis
4.6 by Support Package
login/password_max_idle_productive Specifies the maximum period for which a
productive password (a password chosen by the
user) remains valid if it is not used. After this period
has expired, the password can no longer be used
for authentication. The user administrator can
reactivate password-based logon by assigning a
new initial password.
Permissible values: 0 – 24,000 (unit: days); Default
value 0, that is, the check is deactivated
login/password_max_idle_initial Specifies the maximum period for which an initial
password (a password chosen by the
administrator) remains valid if it is not used. After
this period has expired, the password can no
longer be used for authentication. The user
administrator can reactivate password-based logon
by assigning a new initial password.
This parameter replaces the profile parameters
4 of 9 4/10/2020, 3:28 PM
login/password_max_new_valid and
login/password_max_reset_valid.
Permissible values: 0 – 24,000 (unit: days); Default
value 0, that is, the check is deactivated
login/password_max_new_valid Defines the validity period of passwords for newly
created users.
Only available in SAP Web Application Server 6.20
and 6.40.
login/password_max_reset_valid Defines the validity period of reset passwords.
Only available in SAP Web Application Server 6.20
and 6.40.
Password Changes
login/min_password_diff Defines the minimum number of characters that must be
different in the new password compared to the old
password.
login/password_expiration_time Defines the validity period of passwords in days.
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether
the user must change his or her password.
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by
Support Package
login/password_history_size Specifies the number of passwords (chosen by the user,
not the administrator) that the system stores and that the
5 of 9 4/10/2020, 3:28 PM
user cannot use again.

Permissible values: 1 – 100 (unit: number of entries);
default value 5
login/password_change_waittime Specifies the number of days that a user must wait before
changing the password again.
Permissible values: 1 – 1,000 (unit: days); default value 1
Other Password Profile Parameters

login/password_downwards_compatibility Specifies the degree of backward compatibility to be
achieved. The default value is 1, where the values have the
following meaning:
0
With login/password_downwards_compatibility =
0, passwords are stored in a format that systems with older
kernels cannot interpret. The system only generates new
(backward incompatible) password hash values.
1
The system also generates backward compatible password
hash values internally, but does not evaluate these for
password-based logons (to its own system). This setting is
required if this system is used as the central system of a
Central User Administration that systems that only support
backward compatible password hash values are also
connected to the system group.
2
6 of 9 4/10/2020, 3:28 PM
The system also generates backward compatible password

hash values internally, which it evaluates if a logon with the
new, non-backward compatible password failed. In this way,
the system checks whether the logon would have been
accepted with the backward compatible password (truncated
after eight characters, and converted to upper-case). This is
recorded in the system log. The logon fails. This setting is to
allow the identification of backward incompatibility problems.
3
As with 2, but the logon is regarded as successful. This
setting is to allow the avoidance of backward incompatibility
problems.
4
As with 3, but no entry is created in the system log.
5
Full backward compatibility: the system only creates
backward compatible password hash values.
Multiple Logon
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons
Available as of SAP Basis 4.6
login/multi_login_users List of excepted users, that is, the users that are permitted to
log on to the system more than once.
Incorrect Logon
7 of 9 4/10/2020, 3:28 PM
login/fails_to_session_end Defines the number of unsuccessful logon attempts before

the system does not allow any more logon attempts. The
parameter is to be set to a value lower than the value of
parameter login/fails_to_user_lock.
Default value: 3; permissible values: 1 -99
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before
the system locks the user.
Default value: 5; permissible values: 1 -99
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon
attempts should be automatically removed at midnight.
Default value: 0 (locks due to incorrect logon attempts remain
in force for an unlimited period); permissible values: 0, 1
SSO Logon Ticket

login/accept_sso2_ticket Allows or locks the logon using SSO ticket.
Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by
Support Package
login/create_sso2_ticket Allows the creation of SSO tickets.
Available as of SAP Basis 4.6D
login/ticket_expiration_time Defines the validity period of an SSO ticket.
Default value: 8; Unit: hours
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S).
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the
server that created the ticket.
8 of 9 4/10/2020, 3:28 PM
Other Login Parameters

login/disable_cpic Refuse inbound connections of type CPIC
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and
68048)
Default value: 1, that is, the emergency user must be
explicitly activated
Permissible values: 0, 1
login/system_client Specifies the default client. This client is automatically filled in
on the system logon screen. Users can type in a different
client.
login/update_logon_timestamp Specifies the exactness of the logon timestamp.
Other User Parameters

rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies
only for SAP GUI connections).
Default value: 0 (no restriction); permissible values: any
numerical value
9 of 9 4/10/2020, 3:28 PM

SAP Profile Parameter For Logon and Password

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

SAP Profile Parameter For Logon and Password

Загружено:

Авторское право:

Доступные форматы

Profile Parameters for Logon and Password (Login Parameters) (SAP Library - Identity Mana... https://help.sap.com/saphelp_snc70/helpdata/EN/22/41c43ac23cef2fe10000000a114084/content...

Profile Parameters for Logon and Password (Login

Available as of SAP Web AS 6.10 (Until SAP NetWeaver

ISO Latin-1, 8859-1). However, all characters that

With login/password_charset = 2, passwords are

login/disable_password_logon Controls the deactivation of password-based logon

user cannot use again.

Other Password Profile Parameters

The system also generates backward compatible password

login/fails_to_session_end Defines the number of unsuccessful logon attempts before

SSO Logon Ticket

Other Login Parameters

Other User Parameters

Вам также может понравиться