In SAP note 3303172 – Activating a Super-User SAP* SAP is describing a new alternative to activate user SAP*.
The SAP* activation is required in some cases. Systems that are protected well have the parameter login/no_automatic_user_sapstar set to 1 which will forbid the logon with SAP* (see also blog on SAP standard users). To use SAP* this parameter has to be set to 0, followed by system restart to activate it (the parameter is not dynamic). Often after using SAP* it is forgotten to undo the SAP* activation or to set the parameter login/no_automatic_user_sapstar to the secure 1 status again.
The new way described is available as of kernel release 790 and a separate tool with a short lived password only.