profile parameters
TRANSCRIPT
Password Checks
login/min_password_lng
login/min_password_digits
login/min_password_letters
login/min_password_specials
login/password_charset
login/min_password_diff
login/password_expiration_time
login/password_change_for_SSO
login/disable_password_logon
login/password_logon_usergroup
Defines the minimum length of the password.Default value: 3; permissible values: 3 – 8
Defines the minimum number of digits (0-9) in passwords.Default value: 0; permissible values: 0 – 8Available as of SAP Web AS 6.10
Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0 – 8Available as of SAP Web AS 6.10
Default value: 0; permissible values: 0 – 8Available as of SAP Web AS 6.10
This parameter defines the characters of which a password can consist.Permissible values:
Available in the standard system as of SAP Web AS 6.40.
Defines the minimum number of characters that must be different in the new password compared to the old password.
Available as of SAP Web AS 6.10
Defines the minimum number of special characters in the password Permissible special characters are $%&/()=?'`*+~#-_.,;:{[]}\<>│ and space
● 0 (restrictive): The password can only consist of digits, letters, and the following (ASCII) special characters :!"@ $%&/()=?'`*+~#-_.,;:{[]}\<>| and space
● 1 (backward compatible, default value): The password can consist of any characters including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However, all characters that are not contained in the set above (for value = 0) are mapped to the same special character, and the system therefore does not differentiate between them.
● 2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restriction is limited by the code page specified by the system language.
With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password coding.
Defines the validity period of passwords in days.Default value: 0; permissible values: any numerical value
If the user logs on with Single Sign-On, checks whether the user must change his or her password.Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
Controls the deactivation of password-based logon
Controls the deactivation of password-based logon for user groupsAvailable as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). More information: Logon Data Tab Page
Multiple Logon
login/disable_multi_gui_login
login/multi_login_users
Controls the deactivation of multiple dialog logonsAvailable as of SAP Basis 4.6
Available as of SAP Basis 4.6
List of excepted users, that is, the users that are permitted to log on to the system more than once.
Incorrect Logon
login/fails_to_session_end
login/fails_to_user_lock
login/failed_user_auto_unlock
Default value: 3; permissible values: 1 -99
Default value: 12; permissible values: 1 -99
Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock.
Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight.
Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight.
Default value: 1 (Lock applies only on same day); permissible values: 0, 1
Initial Password: Limited Validity
login/password_max_new_valid
login/password_max_reset_valid
Defines the validity period of reset passwords.
Defines the validity period of passwords for newly created users.
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
SSO Logon Ticket
login/accept_sso2_ticket
login/create_sso2_ticket
login/ticket_expiration_time
login/ticket_only_by_https
login/ticket_only_to_host
Allows or locks the logon using SSO ticket.
Allows the creation of SSO tickets.Available as of SAP Basis 4.6D
Defines the validity period of an SSO ticket.Available as of SAP Basis 4.6D
The logon ticket is only transferred using HTTP(S).Available as of SAP Basis 4.6D
Available as of SAP Basis 4.6D
Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package
When logging on over HTTP(S), sends the ticket only to the server that created the ticket.
Other Login Parameters
login/disable_cpic
login/no_automatic_user_sapstar
login/system_client
login/update_logon_timestamp
Other User Parameters
rdisp/gui_auto_logout
Refuse inbound connections of type CPIC
Specifies the exactness of the logon timestamp.
Controls the emergency user SAP* (SAP Notes 2383 and 68048)
Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections).
Default value: 0 (no restriction); permissible values: any numerical value