Open sean-freeman opened 4 months ago
Is there a list of forbidden characters? SAP note 2667891 mentions $
but only as an example.
Referenced SAP note 2250144 only refers to SAP note 3158257, which does not refer to valid passwords or special characters.
Referenced SAP note 3158257 does not refer to valid passwords or special characters either.
A first solution could be that we define a list or dict of forbidden special characters to be used for passwords and in the first step just use the character $
as the only entry.
I do not believe there is a specific list published by SAP, which is unfortunate. The below are the notes from the Ansible Playbooks for SAP project FAQ page.
Reference:
No special recommendations
Restricted to certain Special Characters #$@_
. Must not begin with a digit.
Avoid use of Special Character $
which may cause automation errors when parsed
Avoid use of Special Character $
which may cause automation errors when parsed. Must not begin with a digit or underscore.
Note: These are configurable in the Profile Parameters (
login/min_password_*
andlogin/password_*
), below are default
!"@$%&/()=?’*+~#-_.,;:{[]}\<>│
. Not advisible to use \
or "
Reference:
For SAP NetWeaver Application Server (ABAP) see document Password Rules - User and Role Administration - SAP NetWeaver Application Server for ABAP 7.52.
For further information, please see User Guides for System Provisioning with Software Provisioning Manager which contains a list of different guides under two sections:
On each of these pages (for SWPM 1.0/2.0) there are documents (HTML/PDF) in a table with choice for Database, Product Release, Operating System Platform, Technical Track
. Each document contains layered sections 'Planning > Basic Installation Parameters > SAP System Parameters' with Password limitation information.
For example, SAP System Parameters - Installation of SAP ABAP Systems on UNIX : SAP HANA 2.0 - SWPM 2.0.
Please note, these guides are different than those listed on Guide Finder for SAP NetWeaver and ABAP Platform.
We should probably also provide a warning in the
sap_hana_install
andsap_swpm
Ansible Roles, regarding Linux Special Characters (aka. Metacharacters).It is most noticeable when hdbuserstore executes successfully, but the subsequent login does not work. This is because the password has been incorrectly parsed by the Shell.
For more information, see SAP Note 2667891 - R3trans gives authentication error after system copy and restart which recommends escaping characters during data entry (i.e. hdbuserstore) or subsequently escaping characters for all logins.
A warning message during Ansible Role execution to state the password may cause issues, will be sufficient.