topic Re: Password validation function in Application Development and Automation Discussions

Password validation function

Former Member — Fri, 20 Apr 2012 16:08:09 GMT

Is there any way to validate if a specific string is SAP password compliance?

Here is the scenario.

A variable as string format needs to be validated as SAP password compliance.

If the string is not password compliant, the function should return why it is not.

Example:

String value: "Alabama1

The string is not password compliant because the " character is not valid into a password.

String value: 12345678

The string is not password compliant because of a missing capital letter.

So, I need the password validation call/routine to call with passing the string and have in return if the string is valid as password.

Any suggestion will be highly appreciated.

Regards

Daniel

Re: Password validation function

Former Member — Fri, 20 Apr 2012 16:21:21 GMT

I think there is a table that has some of the general rules. You can look for that.

But one of the rules is that the new password can't be the same as any of the previous three (I think). So to do this, you would ahve to know and decrypt the three previous ones - which I am pretty sure you cannot do.

Rob

Re: Password validation function

Former Member — Fri, 20 Apr 2012 20:20:51 GMT

Hello Rob

Thank you for your feedback.

The fact is I just need the process that is validating the string before this one is encrypted.

Like:

At least one uppercase letter

At least one lowercase letter

At least one digit

etc.

Those validation are already done when a user is changing his password. I just want to avoid to rewrite something that is already existing and those validation are done before the string is encrypted.

So, I just need the string validation before the string is encrypted and saved into UR02 table.

Regards

Daniel.

Re: Password validation function

Former Member — Fri, 20 Apr 2012 20:47:33 GMT

Table USR40 - Table for illegal passwords

Why don't debug what happens when you change your password, and do it incorrectly?

Rob

Re: Password validation function

Former Member — Fri, 20 Apr 2012 21:10:06 GMT

Hello Rob

I was aware of the usr40 table but it contains only words that is prohibited to use.

I did pass through the debugging mode. The only think I found is the "CALL 'PASSWORD'" where I didn't find any documentation so far on the parameters to use.

The "CALL" return all the error that can be found in the password but the example I have is to change the password. I do not want to change the user password, I just want to validate of a string is password complient. So passing the string to the function, this one should return the proper error when the string is not password complient but return 0 when the string is password complient.

Regards

Daniel

Re: Password validation function

Former Member — Fri, 20 Apr 2012 21:20:11 GMT

I believe it's done by the SAP kernel (CALL 'PASSWORD') and you don't have access to it.

Rob

Re: Password validation function

Former Member — Fri, 20 Apr 2012 21:25:29 GMT

Additionally FM RSEC_GENERATE_PASSWORD generates valid passwords. You might have a look at what it's doing. There's other information on the web as well.

Rob

Re: Password validation function

Former Member — Mon, 23 Apr 2012 18:05:29 GMT

I found the function I need.

PASSWORD_FORMAL_CHECK

Thanks for help.

Regards

Daniel