Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Disable Initial Password Reset.

Former Member

‎2007 Jul 12 2:53 PM

0 Likes
5,653

Hello;

Is it possible to set that the user do not change the initial password

when created or even if the SAP Administrator reset it, the first time

the user log on the system.

Thanks;

Ali Gumusoglu

13 REPLIES 13
Read only

Former Member

‎2007 Jul 12 3:02 PM

0 Likes
3,030

I don't believe this is possible with a dialog user without modifying the SAP logon procedure code (possible but can be problematic).

More importantly, what would you want to do this? The change initial password is a good password control.

Read only

Former Member

‎2007 Jul 12 6:03 PM

0 Likes
3,030

Hi;

We would like to use client based SSO in our company. This SSO application is client based so we could' t use SSO profile parameters. I asked this question may be there is another relevant profile parameters.

Thanks;

Read only

Former Member
In response to Former Member

‎2007 Jul 13 8:25 AM

0 Likes
3,030

The client based SSO makes it a bit more difficult.

Last time I saw a situation like yours the answer was to modify the standard login program SAPMSYST to bypass the forced reset. If I remember correctly (it was a while ago) it was not straightforward as that program has protected source code. There is also the impact of support packs or general upgrades to consider if standard SAP is modified.

Good luck!

Read only

Wolfgang_Janzen
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎2007 Jul 15 6:42 PM

0 Likes
3,030

Just for your information: the routines to validate the logon data and to control the requirement / ability to change passwords are implemented in the kernel; SAPMSYST only implements the SAPGUI logon UIs.

But anyway: most likely <a href="https://service.sap.com/sap/support/notes/869218">SAP Note 869218</a> will provide the answer to Ali's question.

Cheers, Wolfgang

PS: any modification to the system program SAPMSYST will (with a very high likelyhood) result in (severe) problems - that's why it is protected (to prevent you from steping into trouble).

Read only

Former Member
In response to Former Member

‎2007 Jul 15 10:09 PM

0 Likes
3,030

I'm pretty sure (though not 100%) that the mods that were required to bypass the password prompt were only done in SAPMSYST - this was in 4.6A, either way I agree it's not something that should be taken lightly. The only situation where there is a high potential for severe problems is if insufficient time is taken to research the impact of the changes and test them properly.

Read only

Former Member
In response to Former Member

‎2007 Jul 19 12:23 PM

0 Likes
3,030

As Wolfgang already said it's absolutely sure (=100%) that you cannot bypass it with any ABAP modification

Read only

Former Member

‎2007 Jul 13 5:53 AM

0 Likes
3,030

Hi Ali,

Yes, it is possible; for that follow below steps:

1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat

Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat

2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service

3.Click on below property and set value is FALSE and click and "SET" button.

"ume.logon.security_policy.password_change_required = FALSE"

4.Save.

5. Restart the engine.

Now

1. Login with an "Administrator"

2. Create a user and define a password like "init123"

3. logoff from "administrator"

4. login with new user; password is "init123"

now system will not ask to change password.

Reward Points; if it is usefull.

Thanks,

Nagaraju Parlapalli

Read only

azmanhamid
Explorer
In response to Former Member

‎2014 Jun 04 9:04 AM

0 Likes
3,030

On 7.4, The closest parameter available is ume.logon.security_policy.password_change_allowed

Read only

Former Member

‎2007 Jul 13 6:38 AM

0 Likes
3,030

Hi Nagaraju ;

Our user connects to SAP R/3 over SAP GUI. We don't use java tools.

Our platform is;

OS: HP-UX 11.11

SAP 4.7 WAS

Oracle 9

Thanks.

Read only

Former Member

‎2007 Jul 13 7:50 AM

0 Likes
3,030

Hi Ali,

Check for the parameter "login/password_change_for_SSO".

I think by setting value 3 with this parameter we can make, deactivation of password..

Read the documentation of this parameter..

Reg'

Zeemaaa..

Read only

Matt_Fraser
Active Contributor

‎2007 Jul 29 10:44 PM

0 Likes
3,030

It is possible to bypass the initial password change requirement by setting the users to be of type SERVICE instead of DIALOG. However, there's a cost to this: SERVICE users cannot change their own passwords. It has to be done for them by system administrators. So, you would have to weigh the consequences of doing something like this against the perceived benefit.

--Matt

Read only

Wolfgang_Janzen
Product and Topic Expert
Product and Topic Expert
In response to Matt_Fraser

‎2007 Jul 30 8:46 AM

0 Likes
3,030

Not only this - SERVICE users are also not subject of the "idle password usage" control (-> login/password_max_idle_productive - see <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a>) and the system will not create SAP Logon Tickets for SERVICE users (see <a href="https://service.sap.com/sap/support/notes/622464">SAP Note 622464</a>.

Read only

Former Member

‎2019 Jun 05 12:28 AM

0 Likes
3,030

Hi Ali ,

Tell me the procedure if your problem was resolved.