Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Programmatically changing passwords

Go to solution
Former Member

‎2012 Feb 28 6:50 PM

0 Likes
2,056

We have a program written years ago which was designed to assign random passwords to DDIC and other privileged accounts. It uses a fixed seed and function module RSEC_GENERATE_PASSWORD. The problem is, the random password generated is of CHAR format. When I try to put it into USR02-BCODE, it does not convert. I cannot find any kind of conversion function module which will provide the desired results. Like said, this program has been around forever, and "they" claim it worked at one time. Can anyone suggest a way to do this, or better yet, is there a more modern method of randomly generating password programatically.

Thanks,

-d.

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2012 Feb 29 9:05 AM

0 Likes
1,686

RSEC_GENERATE_PASSWORD is obsolete, and USR02-BCODE is obsolete in higher releases without backward compatibility as well.

Use SUSR_GENERATE_PASSWORD and import the password into BAPI_USER_CHANGE to form the required hash in USR02-PASSCODE. Then nothing can go wrong.... (touch wood.)

Cheers,

Julius

10 REPLIES 10
Read only

Go to solution
mvoros
Active Contributor

‎2012 Feb 28 10:42 PM

0 Likes
1,686

Hi,

wouldn't be better to use standard BAPI to change password instead of direct access to USR02. BAPI BAPI_USER_CHANGE allows to set productive password. It requires that user is logged on via SNC. As a workaround for this you can use FM used inside this BAPI. It has a parameter to disable this check.

Cheers

Read only

Go to solution
Former Member

‎2012 Feb 29 9:05 AM

0 Likes
1,687

RSEC_GENERATE_PASSWORD is obsolete, and USR02-BCODE is obsolete in higher releases without backward compatibility as well.

Use SUSR_GENERATE_PASSWORD and import the password into BAPI_USER_CHANGE to form the required hash in USR02-PASSCODE. Then nothing can go wrong.... (touch wood.)

Cheers,

Julius

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Feb 29 10:20 AM

0 Likes
1,686

I checked the source code of SUSR_GENERATE_PASSWORD on ECC6 EHP4 : it just calls RSEC_GENERATE_PASSWORD...

Regards,

Olivier

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Feb 29 2:07 PM

0 Likes
1,686

BAPI_USER_CHANGE is changing the password I enter to Upper Case. Our passwords require a mixture of Upper and Lower Case. How can you prevent this?

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Feb 29 5:37 PM

0 Likes
1,686

When you single test the FM, then there is a little check box to import parameters case-sensitively.

When calling the FM there is a syntax to set this (make sure you type the field correctly and check the key word CALL FUNCTION in tcode ABAPDOCU! - as I cannot remember exactly what the extention / declaration is).

If you do a where-used-list on SUSR_GENERATE_PASSWORD then you will find where the exported values are imported and what the syntax is.

Cheers,

Julius

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Feb 29 5:47 PM

0 Likes
1,686

Hi Oliviier,

I see that SAP has now moved the downward compatibility checks to the inside the the RSEC function. In earlier versions it did not respect this. Perhaps they do this at major release changes?

But AFAIK the SUSR one is the stable API --> new features might be introduced before calling the RSEC one, as they have been in the past.

But yes, for the moment you are correct (also on my system).

Cheers,

Julius

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Mar 01 4:47 PM

0 Likes
1,686

Forgive me for appearing totally clueless, but how do you check the box inside of a program? I do not see that field as an input parameter nor in the code?

Thanks.

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Mar 01 9:03 PM

0 Likes
1,686

Please post your code for the data declaration of the password to verify that it is not converted there. Is it XUBCODE?

The imported password must be the BAPI structure BAPIPWD, then call the BAPI using this password (whatever it is...)

Cheers,

Julius

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Mar 02 4:51 PM

0 Likes
1,686

That will not be necessary. I think I have found a workable solution. When I used SUSR_GENERATE_PASSWORD it would not generate a password with mixed case, even if I checked the box. I ended up calling RSEC_GENERATE_PASSWORD directly and giving it a seed with mixed case. This gave me the results I wanted,even though it only returned and upper case for an upper case and a lower for a lower. I can live with that. Thank you for your assistance.

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Mar 02 5:28 PM

0 Likes
1,686

I would still recommend SUSR_GENERATE_PASSWORD (IF FOUND), particularly if you plan to transport this tool to other systems on different releases, where the RSEC_GENERATE_PASSWORD has different import parameters (or you upgrade your system and then they change!).

What you are looking for to specify the maximum number of password wizard parameters (such that they still comply with the minimum system parameters!) is described in [SAP Note 915488 - Customizing switch for password generation|https://service.sap.com/sap/support/notes/915488].

Cheers,

Julius