topic Re: password in Application Development and Automation Discussions

password

Former Member — Sat, 01 Mar 2008 01:10:46 GMT

Is it possible,that my password should not expiry at all?.

for dialog systems or system.

sri

Re: password

Former Member — Sat, 01 Mar 2008 04:20:04 GMT

Hello Sri,

The profile parameter login/password_expiration_time controls the expiry time of password. As long as this parameter is not maintained in the system profiles (dont confuse with Authorization profiles) in RZ10, you user password wont expire.

But the normal rule (atleast in production systems) is that

Users of the type DIALOG are not exempt from password epiration rules:

The profile parameter login/password_expiration_time controls this. the default value is 0 (number of days) and the maximum value is 1000. Normally we use a value of 30 days.

Also here is a link for Parameters with regards to login. Might be useful for you.

http://help.sap.com/saphelp_nw04s/helpdata/en/22/41c43ac23cef2fe10000000a114084/content.htm

Hope this helps.

Regards,

Prashant

Re: password

Former Member — Sat, 01 Mar 2008 04:23:21 GMT

Also, if you are talking of users of the type system, password expiry rules (even if they are set) dont apply to them.

Password expiry rules also dont apply to user of type Service since these users are used for anonymopus logins i.e the user ID is shared amonst a group of people and hence the normal rule is that they have highly restricted access (display authorizations only).

Regards,

Prashant

Re: password

Former Member — Sat, 01 Mar 2008 18:39:19 GMT

Prashant,

if i go and change profile parameter login/password_expiration_time controls the expiry time of password

in RZ10, it will be applicable to all DIALOG users.

But i want it to restrict particular user...how it works over here

(user groups might come into picture...

sri

Re: password

Former Member — Sun, 02 Mar 2008 10:31:26 GMT

Hello Sri,

No there is no praticular rule which allows you to group users together so that they cant be locked.

What ever rules we apply will be applicable to all the users of that type.

Infact a couple of days ago there was a discussion on the same issue in one of the threads raised by Julius Bussche (Moderator) in the Security Forum.

Try searching the thread with search criteria "Exceptions to the rule... idle users who are expected to be idle?".

You will get an insight on the issue.

Regards,

Prashant

Re: password

Former Member — Sun, 02 Mar 2008 22:07:25 GMT

For the record:

My question did not want to avoid changing the password, at whatever point in time.... nor for a specific user group.

It wanted to keep a secure user administration (of users in in decentral locations), without locking the user account for the reason of expected inactivity.

=> However, when the user logs on as expected, they should change the password (when it is expired) as per the policy, unless they exceed the expected period (or specific date...).

My case is specific to decentral end users.

Central administrators not wanting to change their passwords (as per a system policy) are a different case.

Kind regards,

Julius

Edited by: Julius Bussche on Mar 2, 2008 11:55 PM

Re: password

Former Member — Mon, 03 Mar 2008 03:54:51 GMT

Yes ofcourse Julius i did get the scope of our discussion on your thread. I just wanted Sri to get an insight on this instead of looking for a solution on having a user whose password would not expire at all (just in case he wanted to use the RZ10 parameter as mentioned above). But he too understands very the implications of such a change (as all administrators do ).

Regards,

Prashant