关于sap的Logon的几个参数

1  Authorization updates completed without logging off
auth/new_buffering to  该参数设为4,权限的修改将立即起作用,不用用户重新登录. 如果有其他疑问请查阅note 209899.

2  Preventing multiple dialog user logons
login/disable_multi_gui_login 该参数可以设置同个client同个用户ID可以允许同时登录几个,当设为1时,系统将提示用户选择: 'Terminate the Current Sessions' or 'Terminate this Login.' ,以达到保证只允许一个登录.

3Profile Parameters for Logon and Password (Login Parameters)
To make the parameters globally effective in an SAP System (system profile parameters), set them in the default system profile DEFAULT.PFL. However, to make them instance-specific, you must set them in the profiles of each application server in your SAP System.

To display the documentation for one of the parameters, choose Tools®CCMS®Configuration®Profile Maintenance(transaction RZ10), specify the parameter name and choose Display. On the following screen, choose the Documentation pushbutton.

Password Checks

Parameter	Description
login/min_password_lng	Defines the minimum length of the password. Default value: 3; permissible values: 3 – 40 Until SAP NetWeaver 6.40 (inclusive), up to 8 characters.
login/min_password_digits	Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0 – 40 Available as of SAP Web AS 6.10 (Until SAP NetWeaver 6.40 (inclusive), up to 8 characters.)
login/min_password_letters	Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0 – 40 Available as of SAP Web AS 6.10 (Until SAP NetWeaver 6.40 (inclusive), up to 8 characters.)
login/min_password_specials	Defines the minimum number of special characters in the password Permissible special characters are, in particular, !"@ $%&/()=?'`*+~#-_.,;:{[]}\<>| and space After SAP NetWeaver 6.40, all characters that are not letters or digits are regarded as special characters. Default value: 0; permissible values: 0 – 40 Available as of SAP Web AS 6.10 (Until SAP NetWeaver 6.40 (inclusive), up to 8 characters.)
login/password_charset	This parameter defines the characters of which a password can consist. Permissible values: ·        0 (restrictive): The password can only consist of digits, letters, and the following (ASCII) special characters :!"@ $%&/()=?'`*+~#-_.,;:{[]}\<>| and space ·        1 (backward compatible, default value): The password can consist of any characters including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However, all characters that are not contained in the set above (for value = 0) are mapped to the same special character, and the system therefore does not differentiate between them. ·        2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restriction is limited by the codepage specified by the system language. With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password coding. Available in the standard system as of SAP Web AS 6.40.
login/min_password_diff	Defines the minimum number of characters that must be different in the new password compared to the old password. Default value: 1; permissible values: 1 – 40 Available as of SAP Web AS 6.10 (Until SAP NetWeaver 6.40 (inclusive), up to 8 characters.)
login/password_expiration_time	Defines the validity period of passwords in days. Default value: 0; permissible values: 0 -1000
login/password_change_for_SSO	If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_password_logon	Controls the deactivation of password-based logon This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). See Logon Data Tab Page Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_logon_usergroup	Controls the deactivation of password-based logon for user groups Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/min_password_lowercase	Specifies how many characters in lower-case letters a password must contain. Permissible values: 0 – 40; default value 0 Available after SAP NetWeaver 6.40
login/min_password_uppercase	Specifies how many characters in upper-case letters a password must contain. Permissible values: 0 – 40; default value 0 Available after SAP NetWeaver 6.40
login/password_history_size	Specifies the number of passwords (chosen by the user, not the administrator) that the system stores and that the user cannot use again. Permissible values: 1 – 100 (unit: number of entries); default value 5 Available after SAP NetWeaver 6.40
login/password_downwards_compatibility	Specifies the degree of backward compatibility to be achieved. The default value is 1, where the values have the following meaning: 0 With login/password_downwards_compatibility = 0, passwords are stored in a format that systems with older kernels cannot interpret. The system only generates new (backward incompatible) password hash values. 1 The system also generates backward compatible password hash values internally, but does not evaluate these for password-based logons (to its own system). This setting is required, if this system is used as the central system of a Central User Administration that systems that only support backward compatible password hash values are also connected to the system group. 2 The system also generates backward compatible password hash values internally, which it evaluates if a logon with the new, non-backward compatible password failed. In this way, the system checks whether the logon would have been accepted with the backward compatible password (truncated after eight characters, and converted to upper-case). This is recorded in the system log. The logon fails. This setting is to allow the identification of backward incompatibility problems. 3 As with 2, but the logon is regarded as successful. This setting is to allow the avoidance of backward incompatibility problems. 4 As with 3, but no entry is created in the system log. 5 Full backward compatibility: the system only creates backward compatible password hash values. Available after SAP NetWeaver 6.40
login/password_change_waittime	Specifies the number of days that a user must wait before changing the password again. Permissible values: 1 – 1,000 (unit: days); default value 1 Available after SAP NetWeaver 6.40
login/password_compliance_to_current_policy	Permissible values: 0 – no check; 1 – the system checks during password logon whether the current password complies with the current password rules and forces a password change if this is not the case. Default value: 0 Available after SAP NetWeaver 6.40
login/password_max_idle_productive	Specifies the maximum period for which a productive password (a password chosen by the user) remains valid if it is not used. After this period has expired, the password can no longer be used for authentication. The user administrator can reactivate password-based logon by assigning a new initial password. Permissible values: 0 – 24,000 (unit: days); Default value 0, that is, the check is deactivated Available after SAP NetWeaver 6.40
login/password_max_idle_initial	Specifies the maximum period for which an initial password (a password chosen by the administrator) remains valid if it is not used. After this period has expired, the password can no longer be used for authentication. The user administrator can reactivate password-based logon by assigning a new initial password. This parameter replaces the profile parameters login/password_max_new_valid and login/password_max_reset_valid. Permissible values: 0 – 24,000 (unit: days); Default value 0, that is, the check is deactivated Available after SAP NetWeaver 6.40
login/password_max_new_valid	Defines the validity period of passwords for newly created users. Only available in SAP Web Application Server 6.20 and 6.40.
login/password_max_reset_valid	Defines the validity period of reset passwords. Only available in SAP Web Application Server 6.20 and 6.40.

Multiple Logon

Parameter	Description
login/disable_multi_gui_login	Controls the deactivation of multiple dialog logons Available as of SAP Basis 4.6
login/multi_login_users	List of excepted users (multiple logon) Available as of SAP Basis 4.6

Incorrect Logon

Parameter	Description
login/fails_to_session_end	Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1 -99
login/fails_to_user_lock	Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value: 12; permissible values: 1 -99
login/failed_user_auto_unlock	Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (Lock applies only on same day); permissible values: 0, 1

SSO Logon Ticket

Parameter	Description
login/accept_sso2_ticket	Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package
login/create_sso2_ticket	Allows the creation of SSO tickets. Available as of SAP Basis 4.6D
login/ticket_expiration_time	Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D
login/ticket_only_by_https	The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D
login/ticket_only_to_host	When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D

Other Login Parameters

Parameter	Description
login/disable_cpic	Refuse inbound connections of type CPIC
login/no_automatic_user_sapstar	Controls the emergency user SAP* (SAP Notes 2383 and 68048)
login/system_client	Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
login/update_logon_timestamp	Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6

Other User Parameters

Parameter	Description
rdisp/gui_auto_logout	Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value

相应tCODE: RZ11,RZ10