Profile Parameters for Logon and Password (Login Parameters) :

Password Checks Parameter login/min_password_lng login/min_password_digits Explanation Defines the minimum length of the password. Default value: 3; permissible values: 3 8 Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0 8 Available as of SAP Web AS 6.10 Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0 8 Available as of SAP Web AS 6.10 Defines the minimum number of special characters in the password Permissible special characters are $%&/ ()=?'`*+~#-_.,;:{[]}\<> and space Default value: 0; permissible values: 0 8 Available as of SAP Web AS 6.10 This parameter defines the characters of which a password can consist. Permissible values:

login/min_password_letters

login/min_password_specials

login/password_charset

0 (restrictive): The password can only consist of digits, letters, and the following (ASCII) special characters :!"@ $%&/()=?'`*+~#-_.,;:{[]}\<>| and space 1 (backward compatible, default value): The password can consist of any characters including national special characters (such as , , from ISO Latin-1, 8859-1). However, all characters that are not contained in the set above (for value = 0) are mapped to the same special character, and the system therefore does not differentiate between them. 2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restriction is limited by the code page specified by the system language.
With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password coding. Available in the standard system as of SAP Web AS 6.40. login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password.

Default value: 1; permissible values: 1 8 Available as of SAP Web AS 6.10 login/password_expiration_time Defines the validity period of passwords in days. Default value: 0; permissible values: any numerical value If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Controls the deactivation of password-based logon This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). More information: Logon Data Tab Page Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Controls the deactivation of password-based logon for user groups Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Explanation Controls the deactivation of multiple dialog logons Available as of SAP Basis 4.6 List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6 Explanation Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1 -99 login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value: 12; permissible values: 1 -99 Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (Lock applies only on same day); permissible values: 0, 1

login/password_change_for_SSO

login/disable_password_logon

login/password_logon_usergroup

Multiple Logon Parameter login/disable_multi_gui_login login/multi_login_users

Incorrect Logon Parameter login/fails_to_session_end

login/failed_user_auto_unlock

Initial Password: Limited Validity

Parameter login/password_max_new_valid

Explanation Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Explanation Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package Allows the creation of SSO tickets. Available as of SAP Basis 4.6D Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D Explanation Refuse inbound connections of type CPIC Controls the emergency user SAP* (SAP Notes 2383 and 68048) Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client. Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6 Explanation Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value

login/password_max_reset_valid

SSO Logon Ticket Parameter login/accept_sso2_ticket

login/create_sso2_ticket login/ticket_expiration_time login/ticket_only_by_https login/ticket_only_to_host

Other Login Parameters Parameter login/disable_cpic login/no_automatic_user_sapstar login/system_client

login/update_logon_timestamp

Other User Parameters Parameter rdisp/gui_auto_logout

Profile Parameters Related to Memory in SAP

abap/heaplimit ztta/roll_extension ztta/roll_extension_dia ztta/roll_extension_nondia abap/heap_area_dia abap/heap_area_nondia abap/heap_area_total ztta/roll_area ztta/roll_first abap/heap_area_total em/initial_size_MB rdisp/ROLL_SHM rdisp/ROLL_MAXFS rdisp/PG_SHM rdisp/PG_MAXFS em/blocksize_KB em/stat_log_size_MB em/stat_log_timeout

Work Process Restart Limit for Extended Memory EM Quota for Dialog Work Processes EM Quota for Non-Dialog Work Processes Heap Memory Limit for Dialog Work Processes Heap Memory Limit for Non-Dialog Work Processes Total Quota for Heap Memory Size of Roll Area Roll Area Size of the Initial Allocation from the Roll Area Heap Memory Limit Extended Memory Pool Size Roll Buffer Size Maximum Roll File Size Size of the Paging Buffer Maximum Size of SAP Paging File Segment Size for the Extended Memory Management Statistics Statistics - User Context Size Statistics - User Context Size

Dictionary Buffers
Basic maintenance

Buffer name Nametab

Field Nametab

I 6.000

II 8.000

III 10.000

Extended maintenance

Buffer name Table descr. Field catalog Short nametab Initial record

Parameter name rsdb/ntab/entrycount rsdb/ntab/ftabsize rsdb/ntab/sntabsize rsdb/ntab/irbdsize

I 4.096 2.000 1.000 1.500

II 6.144 3.000 1.000 2.000

III 7.168 3.500 1.500 2.500

Program and CUA Buffers

Basic maintenance

Buffer name Program CUA Dynpro Directory Entries Dynpro Extended maintenance

Dynpro field ABAP/4 Programs CUA Information Dynpros N.A.

I 35.000 2.200 2.200 N.A.

II 50.000 2.200 2.500 N.A.

III 70.000 2.200 3.000 N.A.

Buffer name Program CUA Dynpro

Parameter name abap/buffersize rsdb/cua/buffersize zcsa/ presentation_buffer _area

I 35.000 2.200 2.200.000

II 50.000 2.200 2.500.000

III 70.000 2.200 3.000.000

Directory Entries Dynpro

sap/bufdir_entries

2.200

2.500

3.000

Table Buffers
Basic maintenance

Buffer name Generic Key Directory Entries Generic Key Single Key Directory Entries Single

Dynpro field Generic key tables N.A.

I 7.000 N.A.

II 9.000 N.A.

III 11.000 N.A.

Single key tables N.A.

5.000 N.A.

5.000 N.A.

7.000 N.A.

Key Extended maintenance

Buffer name Generic Key Directory Entries Generic Key Single Key Directory Entries Single Key

Parameter name zcsa/table_buffer_area zcsa/db_max_buftab

I 7.000.000 1.200

II 9.000.000 1.500

III 11.000.000 2.000

rtbb/buffer_length rtbb/max_tables

5.000 100

5.000 100

7.000 100

Roll and Paging Files

Basic maintenance N.A. Extended maintenance

File Paging Roll

Parameter name rdisp/PG_MAXFS rdisp/ROLL_MAXFS

Up to 30 users 8.000 4.000

As from 30 users 16.000 8.000

Roll and Paging Areas in the Shared Memory

Area Roll Paging Parameter name rdisp/ROLL_SHM rdisp/PG_SHM Value 1000 or 0 1000 or 0

Default Profile (default.pfl)

Only one copy of the profile exist in the R/3 System and it contain setting that apply to the entire system. Parameter Definition Name of the database host Name of the update server Name of the enqueue server Name of the server for handling background processing events Name of the computer on which the message server is running Name of the TCP service under which the message server can be reached Name of the computer on which the SNA Gateway is running Name of the TCP Service under which the SNA Gateway can be reached Parameter Name in Profile SAPDBHOST rdisp/vbname rdisp/enqname rdisp/btcname rdisp/msname rdisp/msserv rdisp/sna_gateway rdisp/sna_gw_service

ICM and SAP Web Dispatcher Timeout Parameter

You want to configure the timeout settings of the Internet Communication Manager (ICM) or the SAP Web Dispatcher. The SAP Web Application Server may issue HTTP timeout error messages. The error message displayed is "500 Connection timed out" if you have not defined your own dynamic ICM error pages. If the error occurs, you can use the note to help you with troubleshooting. Other terms keepalive, 402, 500, ICM_HTTP_TIMEOUT, ICM_HTTP_CONNECTION_FAILED Reason and Prerequisites You are using ICM Release 6.40 or higher for HTTP connections of the SAP Web AS. In other words, your kernel release is 6.40 or higher. Up to and including Release 7.00, ICM is only used in systems which also have an ABAP stack, and not in J2EE-only systems. You may also be using the SAP Web Dispatcher. Solution The note describes the following: Client and server roles of the ICM List of the various ICM timeout parameters Short description of the icm/conn_timeout parameter Description of "Processing timeout" and "Keepalive timeout" Configuration of the ICM parameters for the processing timeout and the keepalive timeout Timeout parameters in the SAP Web Dispatcher ICM kernel patches that affect timeouts There is detailed ICM documentation in the SAP Knowledge Warehouse.

Client and server roles of the ICM The ICM can forward incoming HTTP connections for further processing to the SAP Web Application Server; the ICM then serves as the HTTP server. The ICM can also forward outgoing HTTP connections from the SAP Web Application Server to other HTTP servers; the ICM then serves as the HTTP client.

Available parameters that control ICM timeouts icm/conn_timeout icm/keep_alive_timeout icm/server_port_< n > Parameter icm/conn_timeout icm/conn_timeout is used to set the timeout when setting up the connection. If the timeout is exceeded, an error page is generally displayed with the information "404 Resource not found" "Partner not reached". Therefore, exceeding the icm/conn_timeout does not lead to a "500 Connection timed out" error message. Processing timeout and keepalive timeout The icm/keep_alive_timeout and icm/server_port_< n > parameters define the keepalive timeout and the processing timeout. ICM distinguishes between these two types of timeout. The processing timeout is the timeout between the HTTP request being issued and the HTTP response being received. If the ICM is used as a server for the relevant HTTP request (in other words, when it forwards an incoming request to the SAP Web Application Server), the processing timeout is the time that the ICM will wait until a response is received from the SAP Web Application Server (ABAP or J2EE). This interval may be exceeded with long-running applications in ABAP or the J2EE engine. If the ICM serves as a client for the relevant HTTP request (that is, when it forwards outgoing requests from the SAP Web Application Server), the processing timeout is the time that the ICM waits until a response is received from the network. This interval may also be exceeded in the case of long-running applications in the network. The keepalive timeout specifies how long the network should remain open after a request has been processed successfully so that the TCP/IP connection does not have to be reestablished if additional requests are received. When you set the keepalive timeout, this does not normally lead to timeout errors. You should set the keepalive timeout high enough that the connection does not have to be reestablished for requests that are sent within a short time of each other, but low enough that the number of unused open TCP/IP connections is not unnecessarily high. Configuration of the ICM parameters for the processing timeout and the keepalive timeout For the ICM, the parameters mentioned here are in the instance profile. The processing timeout is set for individual services with the following parameter: icm/server_port_ < n > = ...,PROCTIMEOUT=< s >. The keepalive timeout can be set globally for all services of the ICM with the parameter icm/keepalive_timeout. You can also set it for individual services by using the following parameter: icm/server_port_ < n > = ...,TIMEOUT=< s >. If you set this parameter, it overwrites parameter icm/keepalive_timeout for the specified service. Even if the ICM serves as client for a request, the TIMEOUT and PROCTIMEOUT parameters of icm/server_port_ < n > control the timeouts for the relevant protocol, provided that you have set TIMEOUT or PROCTIMEOUT. If you have not set the PROCTIMEOUT parameter, TIMEOUT (or icm/keepalive_timeout) defines both the processing timeout and the keepalive timeout. Also, as of release 6.40, the keepalive timeout is limited to a maximum of 30 seconds. In a system where the default timeout settings of 30 seconds for the keepalive timeout and the processing timeout are not sufficient because of long-running applications, we recommend that you set the TIMEOUT and PROCTIMEOUT parameters for the relevant services so that you can configure them independently of each other. In addition, we recommend that you do not set the TIMEOUT value higher than necessary, for example, to the usual default value of 30 seconds. We recommend, for example, the following settings: icm/server_port_0 = PROT=HTTP,PORT=1080,TIMEOUT=30,PROCTIMEOUT=600 to allow a maximum processing time of 10 minutes. Timeout parameters in the SAP Web Dispatcher The same timeout parameters are available for the SAP Web Dispatcher as for the ICM. You can change the parameters of the SAP Web Dispatcher in the profile file of the SAP Web Dispatcher (for example, sapwebdisp.pfl). We recommend that you set the same parameters in the SAP Web Dispatcher and ICM. Known errors in ICM and Web Dispatcher timeout handling Since 6.40 patch level 64, there have not been any known errors in ICM and Web Dispatcher timeout handling. In Release 7.00, there are no known errors in ICM and Web Dispatcher Timeout Handling. Known Internet Explorer errors in the keepalive timeout handling

Known errors in the keepalive handling from Internet Explorer are described in Note 900804. However, these errors are not usually displayed as timeout errors.