Hello,
We use SSO based logon into SAP systems.
I have a conundrum with 2 Security parameters: login/password_change_for_SSO and login/password_max_idle_initial
In our system(ECC 6 EHP3), the paramter: login/password_change_for_SSO = 0
0 = Ignore requirement for password change
Description:
With non-password-based logon variants (SSO: SNC, X.509, PAS, logon
ticket), the system has, up to now, not checked whether the user has
a password that he or she must change.
Now, login/password_max_idle_initial
Since the parameter login/password_change_for_SSO is set to '0', the system does not prompt dialog user to change his initial password.
Let's say we change the parameter login/password_max_idle_initial = 10 (right now it's 0).
Now, if a dialog user logs into the system within 10 days of password (re)set, the system won't ask him for changing password (due to SSO), so ideally the user has not changed his initial password.
Will the system lock out the user after 10 days, because his password is still initial? Even though he has logged into the system.
Thanks in advance.