Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from Buss_Potter on Sep 13 at 10:54 AM Mandeep,
As long as the "Permit Password Logon for SAP GUI (User-Specific)" is not ticked (field USRACL-GUIFLAG) none of the changes you mention will affect the user's experience.
However, if a user does have that the field ticked, and changes are made to the password expiry, upon expiry of the stored password the user will see a screen that invites them to put in their existing password and a new password (twice), or to click on the dustbin icon to not need to use a password.
I would suggest that you check table USRACL to ensure the field is not ticked (i.e. is blank) for normal users, and for those users you need to have a password-based logon, the SNC name is removed and the GUIFLAG is ticked. If you do this, I would then set the snc/accept_insecure_gui parameter to "U" (accept unprotected logons for only those users who have the appropriate flag set in their user master record).
If you need more details on SNC, I have always found the following useful: https://help.sap.com/erp2005_ehp_05/helpdata/en/dd /2e029250f64ed682e1b2f3eda66fca/frameset.htm
With Best Wishes
Adrian
| | | ---------------Original Message---------------
From: MandeepKaur
Sent: Wednesday, September 13, 2017 10:06 AM
Subject: Enable Password Properties However SSO is already Active
Hi Gurus,
My client has SSO active for PRD and the authentication is done via SNC string. Users do not have their passwords for the SAP system login. All users continue to have the initial password in the userprofile.
Now the requirement is to enable password properties like minimum length, expiration time etc. This is being done primarily for users who do not use SNC and have a separate password for login eg FIREFIGHTER, DDIC. Please advice which parameters I should be looking at to not break/override the SSO settings. We do not want users to not be able to login even through SSO if, for eg, their initial password locks locks after 60 days due to parameter login/password_expiration_time |
| Reply to this email to post your response. __.____._ |   _.____.__ |
