topic Re: Password deactivating in Application Development and Automation Discussions

Password deactivating

Former Member — Thu, 18 Jun 2009 10:50:37 GMT

Hi,

We are having a problem with passwords deactivating by themselves on login accounts.

We have discovered that we can reset the password and they start working again, but recently when we do that a short time later it deactivates itself again.

Can you please suggest what could be the problem.

Thanks & Regards

Balaji.P

Re: Password deactivating

sdipanjan — Thu, 18 Jun 2009 11:04:40 GMT

Balaji,

I couldn't get the question properly. Is this deactivation is carried out by Admin by "Deactivate Password" in change password option in SU01?

Or it is due to parameters of Maximum validity after creation of User or Resetting password of existing user?

If the 2nd option is true then you check the following profile parameter values (if you are below release WAS 7.0).

login/password_max_new_valid

login/password_max_reset_valid

Regards,

Dipanjan

Re: Password deactivating

Former Member — Thu, 18 Jun 2009 11:57:31 GMT

Hi Dipanjan,

Yes when we reset the password for the user,its getting deactivate again after a certain period of time.

And we are running on WAS 7.0.So is there any parameter related to password,that enables this.Is

the parameter login/password_max_idle_productive is set to the value 24000.So could this be of any use.

Thanks & Regards

Balaji.P

Re: Password deactivating

pradeepmathewch — Thu, 18 Jun 2009 12:19:04 GMT

Hi Balaji,

login/password_max_idle_productive is used for controlling maximum days a password (set by the user) can be unused (idle). May be you can check what is it's value.

Since you are using SAP NetWeaver 2004s, login/password_max_idle_initial also needs to be checked.

Make sure that these two parameters have fair duration of days which will not deactivate your passwords.

Hope it helps.

Thanks and Regards, Pradeep

Re: Password deactivating

sdipanjan — Thu, 18 Jun 2009 12:53:08 GMT

Agree with Pradeep... by default the parameter values take the measuring Unit as 'D' (Days).. You need to maintain it properly and no need to use the default one..

Also it is recommended that the parameter value for login/password_expiration_time should be lower than the Idle password parameters mentioned by Pradeep.

Also check and go through the documentation of the following parameters:

login/password_change_waittime

login/password_compliance_to_current_policy

login/disable_password_logon

Regards,

Dipanjan

Re: Password deactivating

Wolfgang_Janzen — Thu, 18 Jun 2009 20:41:19 GMT

Please check whether profile parameter login/password_change_for_SSO is set to value 3.

That could also explain this symptom.

To get certainty, I propose to use the analysis approach (by tracing) described in note 495911.

If all that fails, kindly report this as support case to SAP - including the information what actions have have already taken to analyse the problem.

Re: Password deactivating

Former Member — Thu, 18 Jun 2009 21:11:08 GMT

> ...the parameter login/password_max_idle_productive is set to the value 24000.

If this is excluded, then Wolfgang's explanation is the next logical conclusion - assuming that the user is logging on via Single-Sign-On to deactivate (also perhaps optionally, and choosing that option..) the password.

I would also be curious to know whether this is a dual stack system and the user is logging on via SSO but to the Java system actually, and you are using a UME pointing to the ABAP stack (which is where you have deactivated the password)?

Cheers,

Julius