Solution : https://service.sap.com/sap/support/notes/1764043 (SAP Service marketplace login required)
Summary :
SAP Kernel 7.20, Patch Level 100, enhances security for database user authentication by integrating a new system, Secure Storage in File System (SSFS), to securely store SAP database user and password data. Previously, the BRCONNECT "chpass" function handled this by updating both Oracle dictionary and SAP's internal storage simultaneously. With the update, this function will modify login information in SSFS instead. This secure method also separately maintains Java schema passwords but required manual updates via the SAP J2EE configuration tool until now. The note details the implementation of a new command option "-s|-secstore" in the BRCONNECT feature for managing passwords effectively across various SAP schemas without legacy storage tables like SAPUSER.
Key words :
orapwd file=$oracle_home/dbs/orapw<dbsid> password=<pwd> entries=10windows, $sapdata_home/security/rsecssfs/data$sapdata_home/security/rsecssfs/keythese directories, /usr/sap/<sapsid>/sys/global/sltools/sharedlib/checkkeyphrase, \usr\sap\<sapsid>\sys\global\sltools\sharedlib\checkkeyphrase, 41 brrestore-rwsr-xr-- 1 ora<sid> dbstaff 21655416 feb 4 13, 41 brarchive-rwsr-xr-- 1 ora<sid> dbstaff 16235320 feb 4 13, 41 brbackup-rwsr-xr-- 1 ora<sid> dbstaff 20176232 feb 4 13, 41 brconnect-rwsr-xr-- 1 ora<sid> dbstaff 17120056 feb 4 13, -rwsr-xr-- 1 ora<sid> dbstaff 15852744 feb 4 13, > rm $sapdata_home/security/rsecssfs/data/ - store
Related Notes :
| 1780057 | Corrections in BR*Tools 7.20 patch 28 |
| 1639578 | SSFS as password storage for primary database connect |
| 1622837 | Secure connection of AS ABAP to Oracle via SSFS |
| 1428529 | Corrections in BR*Tools Version 7.20 |
| 378648 | Offline backup support with Oracle Fail Safe |