Populating USR40 table with passwords

Question: It has been recommended by Audit that the USR40 - Impermissible password table is populated.

I can see the requirement for this and I understand that it should be actioned at the point of setting up SAP security. Unfortunately this has been an oversight and I am concerned about what impact this will have on my user group if I were to add passwords onto the table.

If a user were to have a password that is considered not suitable, will the user be invited to simply change their password or will their user ID become locked?

Many thanks for any help offered.

Answer:
If I recall correctly, the users will not be affected until they next have to change their password (you have set password expiry parameters?). Worst-case scenario would be that users are prompted to change password at next login after the table update - no real loss there.

Alternatively, in the latest releases of SAP there are parameters which you can set to force password rules such as number of alpha characters and number of numeric characters in a password. I can't remember what these are but they have been covered in the forum before. This should be enough to satisfy audit as it will cover permutations which typically won't be covered by populating USR40 with a dictionary. If Audit kick up a fuss then you can politely tell them that mixing letters and numbers provides greater control over passwords than just dictionary protection.

Cheers,
Al.

Answer:
I have done a lot of testing based on the information you put down.

It works a treat, many thanks Al.



Answer:
And how many excluded passwords or password patterns (containing * or ?) did you insert?

Answer:
Hello I know of these....

login/min_password_digits : allows you to control the minimum number of digits in your password.

login/min_password_letters : allows you to control the minimum number of characters in your password.

Does anyone know any more?

Answer:
Yes, start report RSPFPAR
use login/min_passw* for parameter, mark both checkboxes.
There's an additional parameter for min number of special characters (all except A-Z0-9)

Answer:
Dear Guest

I put in the following :-

pass*
holi*

Along with a list of specific words . . . .

But the more you put in, the more you restrict the list of valid possible words.

For example you want to stop a user putting "password1" as a password, put in pass* into your list.

Hope that helps you out.

Harry Potter
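
The wildcard entries quoted above (pass*, holi*) and the minimum digit, letter and special-character rules from the earlier replies can be compared side by side with this added Python example, which is not part of the original thread and is not SAP code. It assumes that `*` matches any run of characters, `?` matches exactly one, and that an entry is compared case-insensitively against the whole password; the function names and sample passwords are constructed for illustration.

```python
import re
import string

def usr40_to_regex(entry):
    """Translate one exclusion entry: '*' = any run of characters, '?' = exactly one."""
    parts = []
    for ch in entry:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # everything else is literal
    # Assumption: the entry must cover the whole password, ignoring case.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def check_password(candidate, entries, min_digits=0, min_letters=0, min_specials=0):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    reasons = [f"matches excluded entry {e!r}" for e in entries
               if usr40_to_regex(e).fullmatch(candidate)]
    digits = sum(c in string.digits for c in candidate)
    letters = sum(c in string.ascii_letters for c in candidate)
    specials = len(candidate) - digits - letters  # all except A-Z and 0-9
    if digits < min_digits:
        reasons.append(f"needs at least {min_digits} digit(s)")
    if letters < min_letters:
        reasons.append(f"needs at least {min_letters} letter(s)")
    if specials < min_specials:
        reasons.append(f"needs at least {min_specials} special character(s)")
    return reasons

if __name__ == "__main__":
    entries = ["pass*", "holi*"]  # the two patterns quoted in the thread
    # Constructed sample passwords, for illustration only.
    for pw in ["password1", "Holiday2008", "summer", "Blue7sky!"]:
        verdict = check_password(pw, entries, min_digits=1, min_letters=1)
        print(f"{pw:12} -> {verdict or 'accepted'}")
```

Running a planned exclusion list through a check like this before loading it shows how broad each wildcard is and which weak passwords only the composition rules catch.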