net password encryption reqd

net password encryption reqd restricts login authentication to use only RSA encryption algorithm or the SAP proprietary algorithm.

Summary Information

Default value

0

Range of values

0 – 3

Status

Dynamic

Display level

Intermediate

Required role

System security officer

Configuration group

Security Related

Values and descriptions for net password encryption reqd

Value

Description

0

Allows the client to choose the encryption algorithm used for login passwords on the network, including no password encryption.

1

Restricts clients to use either RSA or SAP proprietary encryption algorithms to encrypt login passwords on the network. This provides an incrementally restrictive setting that allows clients who have previously connect to reconnect with the SAP proprietary algorithm and new clients to connect with the stronger RSA algorithm. A client that attempts to connect without using password encryption fails.

2

Restricts clients to use only the RSA encryption algorithms to encrypt login passwords on the network. This provides strong RSA encryption of passwords. Clients that attempt to connect without using the RSA encryption fail.

3

SAP ASE allows only incoming clients that use the EPEP login protocol. The values 0, 1, and 2 also allow EPEP login protocol to be used when a client that supports the login protocol attempts to use it with an SAP ASE that implements the EPEP login protocol.

Note: Setting the value to 2 or 3 increases network memory to support the maximum configured connections using this protocol. additional network memory dynamically adds more memory to the network memory pool used by EPEP. When the value is set to 3, the KPP Handler goes into sleep status. This is because there is no need to provide new RSA key pair for every connection. Use sp_who to check the KPP Handler status.

When a connection is refused because network password encryption is required, the client receives:

Msg 1640, Level 16, State 2:
Adaptive Server requires encryption of the login
password on the network.