Question:
Hi there,
Any of you guys have any idea whether SAP is going to allow for longer passwords in the future, or if we are still stuck with maximum 8?
Is the limitation based on the standard unix limitations or what is the reason?
Thanks in advance.
Answer:
Field size in the table definiton. SAP has added features to force number and letter mix and special character. Highly unlikely the length will be changed.
Answer:
SAP is directionally moving to external authentication.
Answer:
I discussed this with one of the SAP security developers at ASUG this year, he mentioned that they are adding the ability to increase the password length in 4Q of 2005 but only in the latest release.
Answer:
That actually makes some sense. It really isn't field length in the table. The password is stored in a long encrypted string (longer than 8 characters). I don't see why (although I could be wrong) that SAP couldn't just increase the width of the screen fields and encrypt it to the same length encrypted string.
The data elemnet/domain is used in severa screens several screens but changing that should be pretty easy or so I would think.
Answer:
It will require Kernel changes, not just data element, domain changes. SAP has to deal with all the RFC and GUI Kernel internals not just screen fields and downward compatibility, CUA and ITS and external communications, Not a trivial exercise.
Answer:
It will require Kernel changes, not just data element, domain changes. SAP has to deal with all the RFC and GUI Kernel internals not just screen fields and downward compatibility, CUA and ITS and external communications, Not a trivial exercise.
Not trivial but not as hard as changing the length of the user name or heaven forbid allowing six character company codes.
Answer:
The password is stored in a long encrypted string (longer than 8 characters).
No, it's an 8 byte hash (hexadecimal).
Answer:
Thanks a lot for your answers.