Professional Documents
Culture Documents
(Login Parameters)
The following table presents the profile parameters with which you can set password and logon
rules. These profile parameters define the minimum requirements for passwords. However, you
cannot set any upper limits for password rules. For example, users can use any number of special
characters in their passwords, as long as they follow the other password rules. More information
about the procedure for changing profile parameters: Changing and Switching Profile
Parameters.
Note
To make the parameters globally effective in an ABAP System (system profile parameters), set
them in the default system profile DEFAULT.PFL. However, to make them instance-specific, set
the parameters in the profiles of the system application servers.
To display the parameter documentation, in the profile parameter maintenance tool (transaction
RZ11), enter the parameter name and choose Display. On the next screen, choose the
Documentation button.
Password Rules
Parameter Value Description
login/min_password_lng Default: 6 Defines the minimum length of
the password.
Permissible values: 3 - 40
Until SAP NetWeaver 6.40
(inclusive), up to 8 characters.
login/min_password_digits Default: 0 Defines the minimum number of
digits (0-9) in passwords.
Permissible values: 0 - 40
Available as of SAP Web AS
6.10 (Until SAP NetWeaver
6.40 (inclusive), up to 8
characters.)
login/min_password_letters Default: 0 Defines the minimum number of
letters (A-Z) in passwords.
Permissible values: 0 - 40
Available as of SAP Web AS
6.10 (Until SAP NetWeaver
6.40 (inclusive), up to 8
characters.)
Parameter Value Description
login/min_password_lowercase Default: 0 Specifies how many characters
in lower-case letters a password
Permissible values: 0 - 40 must contain.
2:
Not backward
compatible. The
password can consist
of any characters. It is
converted internally
into the Unicode
format UTF-8. If your
system does not
support Unicode, you
may not be able to
enter all characters on
the logon screen. This
restriction is limited by
the codepage specified
by the system
language.
Password Logon
Parameter Value Description
login/password_compliance_to_curre Default: 0 Available after SAP
nt_policy NetWeaver 6.40
Permissible values:
0: No Check
1: During the
password check, the
system checks
whether the current
password fulfills the
current password
rules. If this is not the
case, it forces a
password change.
Password Changes
Parameter Value Description
login/min_password_diff Default: 1 Defines the
minimum number
Permissible values: 1 - 40 of characters that
must be different
in the new
password
compared to the
old password.
Available as of
SAP Web AS 6.10
(Until SAP
NetWeaver 6.40
(inclusive), up to 8
characters.)
login/password_expiration_time Default: 0 Defines the
validity period of
Permissible values: 0 - 1000 passwords in days.
Parameter Value Description
login/password_change_for_SSO Default: 1 If the user logs on
with Single Sign-
Permissible values: On, checks
whether the user
0: Requirement to must change his or
change password is her password.
ignored (backward
compatible) Available as of
1: Dialog box with SAP Web AS
options 2 and 3 (user 6.10, as of SAP
decides) Basis 4.6 by
2: Password change Support Package
dialog only (enter: old
and new passwords)
3: Deactivation of the
password
(automatically, no
dialog box)
Available after
SAP NetWeaver
6.40
login/password_change_waittime Default: 1 Specifies the
number of days
Permissible values: 1 - 1,000 that a user must
(unit: days) wait before
changing the
password again.
Available after
SAP NetWeaver
6.40
Other Password Profile Parameters
Parameter Value Description
login/password_downwards_co Default: 1 Specifies the degree of backward
mpatibility compatibility.
Permissible
values: Available after SAP NetWeaver 6.40
0: Caution
Stores With
password login/password_downwards_comp
s in a atibility = 0, the system stores
format passwords in a format that systems with
that older kernels cannot interpret. Therefore,
systems ensure that all systems involved support the
with older new password coding before setting the
kernels profile parameter to the value 0.
cannot
interpret.
The
system
only
generates
new (non-
backward
-
compatibl
e)
password
hash
values.
1:
The
system
also
generates
backward
compatibl
e
password
hash
values
Parameter Value Description
internally,
but does
not
evaluate
these for
password-
based
logons (to
its own
system).
This
setting is
required
if you use
this
system as
the
central
system of
a Central
User
Administr
ation and
systems
that only
support
backward
compatibl
e
password
hash
values are
also
connected
to the
system
group.
2:
The
system
also
generates
backward
Parameter Value Description
compatibl
e
password
hash
values
internally,
which it
evaluates
if a logon
with the
new, non-
backward
compatibl
e
password
failed. In
this way,
the
system
checks
whether
the logon
would
have been
accepted
with the
backward
compatibl
e
password
(truncated
after eight
characters
, and
converted
to upper-
case). The
system
records
this in the
system
logon.
The logon
fails. This
setting is
Parameter Value Description
to allow
the
identificat
ion of
backward
incompati
bility
problems.
3:
As with
2, but the
logon is
regarded
as
successful
. This
setting is
to allow
the
avoidance
of
backward
incompati
bility
problems.
4:
As with
3, but the
system
does not
create an
entry in
the
system
log.
5:
Full
backward
compatibi
Parameter Value Description
lity: the
system
only
creates
backward
compatibl
e
password
hash
values.
Multiple Logon
Parameter Value Description
login/disable_multi_gui_login Default: 0 Controls the
deactivation of
Permissible values: 0, 1 multiple dialog
logons
1: The systme blocks
multiple dialog logons Available as of
in the same client and SAP Basis 4.6
under the same user
name.
Available as of
SAP Basis 4.6
Incorrect Logon
Parameter Value Description
login/fails_to_session_end Default: 3 Defines the number of
unsuccessful logon attempts
Permissible values: 1 - 99 before the system does not
allow any more logon
Parameter Value Description
attempts. Set the parameter
to a value lower than the
value of parameter
login/fails_to_user_lock.
login/fails_to_user_lock Default: 5 Defines the number of
unsuccessful logon attempts
Permissible values: 1 - 99 before the system locks the
user.
login/failed_user_auto_unlock Default: 0: Locks due to Defines whether user locks
incorrect logon attempts due to unsuccessful logon
remain valid for an unlimited attempts are automatically
period removed at midnight.
Permissible values: 0, 1
Available as of SAP
Basis 4.6D
login/ticket_only_by_https Default: 0 Specifies how the
system sets the logon
Permissible values: ticket, generated at
logon using HTTP(S),
0: Browser always in the browser.
sends ticket.
1: Browser only sends Available as of SAP
ticket for HTTPS Basis 4.6D
connections.
1: Refuses inbound
connections of type
CPIC. Inbound
connections of type
RFC remain
Parameter Value Description
unaffected.