SAP Parameter login/password_downwards_compatibility - password downwards compatibility (8 / 40 characters, case-sensitivity)


Short text
Backward Compatibility of Passwords
As of SAP NetWeaver (SAP_BASIS) 7.0, the system supports logon withpasswords that can consist of up to 40 characters (previously: 8), andwhich are case-sensitive (previously, the system automatically convertedfrom lowercase to uppercase letters). It is also possible to use anyUnicode characters.
Unfortunately, this change is not backward compatible. The passwords arestored as hash values that are not backward compatible. If you are usingthis system together with other systems that only support backwardcompatible password hash values, you need to react appropriately.
The values of this profile parameter specify the desired behavior(default value = 1):

  • 0 : No backward compatibility; the system only generates new password
  • hash values (which are not backward compatible).
    • 1 : The system also generates backward compatible password hash values
    • internally, but does not evaluate these for logons (to the local system)with passwords; this setting is necessary if this system is used as acentral system of a Central User Administration, and systems that onlysupport backward compatible password hash values are connected to thesystem group.
      • 2: The system also generates backward compatible password hash values
      • internally and evaluates these if a logon with a password that is notbackward compatible fails, to check whether the logon with the backwardcompatible password (truncated after 8 characters and converted touppercase letters) would have been accepted. This is logged in thesystem log; the logon fails. (This setting identifies backwardincompatibility problems.)
        • 3 : As with 2, but the logon is regarded as successful (avoidance of
        • backward incompatibility problems).
          • 4 : As with 3, but no system log entry is written.

          • 5 : System only issues backward compatible passwords hash values.
          • Work area

            Default value
            1 (Latent backward compatibility)

            • login/password_charset

            • login/min_password_lng

            • login/min_password_diff

            • login/min_password_digits

            • login/min_password_letters

            • login/min_password_specials

            • login/min_password_lowercase

            • login/min_password_uppercase

            • login/password_compliance_to_current_policy

              0, 1, 2, 3, 4, 5