Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Hooks - Detect Password Change

Former Member

‎2004 Jun 15 1:04 PM

0 Likes
1,662

Hi,

I would like to be able to detect when ever a SAP user changes his password. I would also like to flow the new password to my application which is enforcing policies.

Can I do this sort of thing?

- Can the user change is password in any other manner other than through the password GUI?

- Can i write an ABAP function which gets called whenever the user clicks on new password? Can I intercept this password?

Can anyone help me here please?

An early answer will be highly appreciated.

Regards

~Rashmi

7 REPLIES 7
Read only

Former Member

‎2004 Jun 15 1:30 PM

0 Likes
1,328

Rashmi:

Just this a.m. on the SAPSearch newletter there was a section related specifically to passwords.

the link = http://searchsap.techtarget.com/featuredTopic/0,290042,sid21_gci969453,00.html?track=NL-136&ad=48464...

Plug that into your i-net browser. Hope it helps you.

Linda

Read only

Former Member

‎2004 Jun 15 1:43 PM

0 Likes
1,328

It is my belief that this is not possible - at least not in realtime.

If you implement a single sign-on solution, such as integration with Windows authentication, then you can defer the checks to the authentication system. For example, it is possible to implement code that gets called by a Windows domain controller whenever a network user changes their password (also allows for prevention of the change, for example if new password is unacceptable).

Cheers,

Scott

Read only

Former Member
In response to Former Member

‎2004 Jun 15 4:17 PM

0 Likes
1,328

Thanks for answering so quickly. Thanks Indies for that link. Its going to help me for sure.

My application is an identity management solution which needs to know when the password of a user has changed and to what it has changed to. Scott, I am afraid that I don't understand your answer. Can you please elaborate.

Thanks in advance.

Regards

~Rashmi

Read only

Former Member
In response to Former Member

‎2004 Jun 15 4:17 PM

0 Likes
1,328

Sorry I meant: Thanks Linda for the link.

Read only

Former Member

‎2004 Jul 16 11:09 AM

0 Likes
1,328

I think it is not possible to easily intercept the password, simply due to security reason.

When user changes his password on Logon screen the password handling logic is implemented on the kernel level. The ABAP coding of Logon screen is hidden, and you can’t modify it. Also you can’t substitute the Logon Screen, again simply due to security reason.

If you want to know if the password is changed you can find the old and new passwords hashes and the dates of modification in table USR02. Of cause the passwords are not stored in plain text there. You can schedule batch-job, which will periodically check this information. Or you just can use (or adapt) report RSUSR100 to get the history of password changes.

If you want to apply additional security policy you can use profile parameters like

login/min_password_*

login/password_*

There are a lot of them!

All what I said is refer only to the classical authentication scenario with SAP Username and Password. Other things like Single Sign-On and Secure Network Communication is a little bit different story. Please see the post from Scott.

Read only

eli_gabay
Discoverer

‎2004 Sep 26 2:04 PM

0 Likes
1,328

Hi Rashmi,

Can you share with me your solution ?

Thank you & Regards from,

Eli

Read only

Former Member
In response to eli_gabay

‎2004 Sep 27 9:29 AM

0 Likes
1,328

There is also a userexit EXIT_SAPLSUSF_001 that is run each time the user logs on to the system.

Perhaps this can be used in some way.

Cheers

Colin.