2024年3月29日发(作者：联想k29为什么是神机)

login/min_password_lowercaseSpecifies how many characters in lower-case letters a password must contain.

Permissible values: 0 – 40; default value 0

Available after SAP NetWeaver 6.40

login/min_password_uppercaseSpecifies how many characters in upper-case letters a password must contain.

Permissible values: 0 – 40; default value 0

Available after SAP NetWeaver 6.40

login/password_history_sizeSpecifies the number of passwords (chosen by the user, not the administrator)

that the system stores and that the user cannot use again.

Permissible values: 1 – 100 (unit: number of entries); default value 5

Available after SAP NetWeaver 6.40

login/password_downwards_compatibilitySpecifies the degree of backward compatibility to be achieved. The default value

is 1, where the values have the following meaning:

0

Withlogin/password_downwards_compatibility=0, passwords are stored in a

format that systems with older kernels cannot interpret. The system only

generates new (backward incompatible) password hash values.

1

The system also generates backward compatible password hash values

internally, but does not evaluate these for password-based logons (to its own

system). This setting is required, if this system is used as the central system of a

Central User Administration that systems that only support backward compatible

password hash values are also connected to the system group.

2

The system also generates backward compatible password hash values

internally, which it evaluates if a logon with the new, non-backward compatible

password failed. In this way, the system checks whether the logon would have

been accepted with the backward compatible password (truncated after eight

characters, and converted to upper-case). This is recorded in the system log. The

logon fails. This setting is to allow the identification of backward incompatibility

problems.

3

As with 2, but the logon is regarded as successful. This setting is to allow the

avoidance of backward incompatibility problems.

4

As with 3, but no entry is created in the system log.

5

Full backward compatibility: the system only creates backward compatible

password hash values.

login/password_change_waittime

Available after SAP NetWeaver 6.40

Specifies the number of days that a user must wait before changing the password

again.

Permissible values: 1 – 1,000 (unit: days); default value 1

Available after SAP NetWeaver 6.40

login/password_compliance_to_current_policyPermissible values: 0 – no check; 1 – the system checks during password logon

whether the current password complies with the current password rules and

forces a password change if this is not the case.

Default value: 0

Available after SAP NetWeaver 6.40

login/password_max_idle_productiveSpecifies the maximum period for which a productive password (a password

chosen by the user) remains valid if it is not used. After this period has expired,

the password can no longer be used for authentication. The user administrator

can reactivate password-based logon by assigning a new initial password.

Permissible values: 0 – 24,000 (unit: days); Default value 0, that is, the check is

deactivated

Available after SAP NetWeaver 6.40

Specifies the maximum period for which an initial password (a password chosen

by the administrator) remains valid if it is not used. After this period has expired,

the password can no longer be used for authentication. The user administrator

can reactivate password-based logon by assigning a new initial password.

This parameter replaces the profile

parameterslogin/password_max_new_validandlogin/password_max_reset_valid.

Permissible values: 0 – 24,000 (unit: days); Default value 0, that is, the check is

deactivated

login/password_max_idle_initial

login/password_max_new_valid

Available after SAP NetWeaver 6.40

Defines the validity period of passwords for newly created users.

Only available in SAP Web Application Server 6.20 and 6.40.

Defines the validity period of reset passwords.

Only available in SAP Web Application Server 6.20 and 6.40.

login/password_max_reset_valid

Multiple Logon

Parameter

login/disable_multi_gui_login

Description

Controls the deactivation of multiple

dialog logons

Available as of SAP Basis 4.6

List of excepted users (multiple logon)

Available as of SAP Basis 4.6

Incorrect Logon

Parameter

login/fails_to_session_end

Description

Defines the number of unsuccessful

logon attempts before the system does

not allow any more logon attempts. The

parameter is to be set to a value lower

than the value of parameter

login/fails_to_user_lock.

Default value: 3; permissible values: 1 -

99

Defines the number of unsuccessful

logon attempts before the system locks

the user. By default, the lock applies

until midnight.

Default value: 12; permissible values: 1

-99

login/failed_user_auto_unlockDefines whether user locks due to

unsuccessful logon attempts should be

automatically removed at midnight.

Default value: 1 (Lock applies only on

same day); permissible values: 0, 1

SSO Logon Ticket

Parameter

login/accept_sso2_ticket

Description

Allows or locks the logon using SSO

ticket.

Available as of SAP Basis 4.6D, as of

SAP Basis 4.0 by Support Package

login/create_sso2_ticketAllows the creation of SSO tickets.

Available as of SAP Basis 4.6D

login/ticket_expiration_timeDefines the validity period of an SSO

ticket.

Available as of SAP Basis 4.6D

login/ticket_only_by_httpsThe logon ticket is only transferred

using HTTP(S).

Available as of SAP Basis 4.6D

When logging on over HTTP(S), sends

the ticketonlyto the server that created

the ticket.

Available as of SAP Basis 4.6D

Other Login Parameters

Parameter

login/disable_cpic

login/no_automatic_user_sapstar

login/system_client

Description

Refuse inbound connections of type

CPIC

Controls the emergency user SAP*

(SAP Notes 2383 and 68048)

Specifies the default client. This client

is automatically filled in on the system

logon screen. Users can type in a

different client.

Specifies the exactness of the logon

timestamp.

Available as of SAP Basis 4.6

login/multi_login_users

login/fails_to_user_lock

login/ticket_only_to_host

login/update_logon_timestamp

Other User Parameters

Parameter

rdisp/gui_auto_logout

Description

Defines the maximum idle time for a

user in seconds (applies only for SAP

GUI connections).

Default value: 0 (no restriction);

permissible values: any numerical

value