Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1) |
11. Managing Password Policies
Configuring Password Policies by Using Oracle Directory Services Manager
List the Configured Password Policy Subentries
Create a Password Policy Subentry
Create a Password Policy Subentry Based on an Existing Password Policy Subentry
Delete a Password Policy Subentry
Display the Configured Password Policies
Create a Password Policy Based on an Existing Password Policy
Display the Supported Password Validators
Enable or Disable a Password Validator
You can use ODSM to manage password policies, as described in the following sections.
You can display all password policy subentries that are configured in the server by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy Subentry element.
The DNs of all password policy subentries are listed.
To display the details of a password policy subentry, select its DN.
The password policy subentry properties are displayed in the right hand pane.
To modify any aspect of the password policy subentry, change the required value and click Apply.
For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
You can create a new password policy subentry by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy Subentry element.
Click the Add icon.
The password policy subentry properties are displayed in the right hand pane.
On the Create new password policy subentry screen, complete the required fields.
For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
When you have completed configuring the password policy subentry, click Create.
You can create a new password policy subentry that is based on an existing password policy subentry by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy Subentry element.
Select the password policy subentry on which you want to base the new subentry.
Click the Add like icon.
The properties of the original password policy subentry are displayed in the right hand pane.
Modify the required values.
For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
When you have completed configuring the new password policy subentry, click Create.
You can delete a password policy subentry by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy Subentry element.
Select the password policy subentry that you want to delete.
Click the Delete icon.
You are prompted to confirm the deletion. Click OK.
You can display the list of password policies by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.
The list of configured password policies is displayed.
Select a password policy to display its properties in the right hand pane.
For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
You can modify a configured password policy by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.
The list of configured password policies is displayed.
Select the password policy whose properties you want to modify.
For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
You can create a new password policy by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.
Click the Add icon.
On the Create New Password Policy screen, configure the required properties.
For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
When you have configured the new password policy, click Create.
You can create a new password policy that is based on an existing password policy by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.
Select the password policy on which you want to base the new policy.
Click the Add like icon.
On the Create New Password Policy screen, modify the properties to create the new policy.
For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
When you have configured the new password policy, click Create.
You can delete a password policy by using ODSM, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.
Select the password policy that you want to delete.
Click the Delete icon.
Click OK to confirm the deletion.
A password validator is a component of the password policy that determines whether a proposed password is acceptable for use. Oracle Unified Directory provides the following password validators:
Similarity-Based Password Validator. Used to reject a password if it is too similar to the user's current password.
Dictionary. Used to reject a password if it is a word that can be found in a dictionary.
Character Set. Used to reject a password if the value does not contain characters from an acceptable range of character sets.
Attribute Value. Used to reject a password if the value exists in any of the attributes contained in the user's entry.
Unique Characters. Used to reject a password if it does not contain enough unique characters.
Repeated Characters. Used to reject a password if it contains a string of too many repeated characters.
Length-Based Password Validator. Used to reject a password if it is too long or too short.
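The following Python sketch is an added illustration of the kind of check each validator listed above performs; it is not Oracle Unified Directory code. The thresholds, the character sets, the use of Levenshtein edit distance as the similarity measure, and the sample entry and word list are all assumptions made for the example.

```python
# Added illustration; thresholds and names are assumptions, not OUD defaults.
def levenshtein(a, b):
    """Edit distance between two strings (assumed similarity measure)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def longest_run(s):
    """Length of the longest run of one repeated character."""
    best = run = 0
    last = None
    for ch in s:
        run = run + 1 if ch == last else 1
        last = ch
        best = max(best, run)
    return best

CHARSETS = ("abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "0123456789")

def rejected_by(new, current, entry, dictionary,
                min_len=8, max_len=64, min_diff=3, min_unique=5, max_repeat=2):
    """Return the names of the validators that reject the proposed password."""
    low = new.lower()
    checks = {
        "Length-Based": not (min_len <= len(new) <= max_len),
        "Similarity-Based": levenshtein(new, current) < min_diff,
        "Dictionary": low in dictionary,
        # Require at least one character from every configured set.
        "Character Set": not all(any(c in cs for c in new) for cs in CHARSETS),
        "Attribute Value": any(low == v.lower() for vals in entry.values() for v in vals),
        "Unique Characters": len(set(new)) < min_unique,
        "Repeated Characters": longest_run(new) > max_repeat,
    }
    return sorted(name for name, failed in checks.items() if failed)

# Constructed sample entry and word list.
ENTRY = {"uid": ["jsmith"], "cn": ["John Smith"], "mail": ["jsmith@example.com"]}
WORDS = {"password", "letmein", "welcome"}
```

A proposed password is accepted only when the returned list is empty, which is why disabling a validator in the procedure below removes that whole class of rejection from the policy.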
You can use ODSM to display the list of password validators, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Validators element.
The list of password validators is displayed.
You can use ODSM to enable or disable a password validator, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Validators element.
Select the password validator that you want to enable or disable.
In the right hand pane, check or uncheck the Enabled box, as required.
Click Apply to save your changes.
A password storage scheme provides a mechanism for encoding user passwords for storage in the server. In most cases, the password is encoded in a manner that prevents users from determining what the clear-text password is, while still allowing the server to determine whether the user-supplied password is correct. Oracle Unified Directory supports a number of password storage schemes. For more information, see password storage scheme in Oracle Fusion Middleware Glossary for Oracle Unified Directory.
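As an added example (not Oracle Unified Directory code), the following Python sketch shows how a salted one-way storage scheme satisfies both properties described above: the stored value does not reveal the clear-text password, yet the server can still check a supplied password against it. The `{SSHA256}` label, the 8-byte salt length and the function names are assumptions that follow the common LDAP convention of storing base64(digest + salt) after a scheme prefix.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 8      # assumed salt length in bytes
DIGEST_LEN = 32   # SHA-256 output length in bytes

def encode(password, salt=None):
    """Encode a password as '{SSHA256}' + base64(sha256(password + salt) + salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")

def verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, _, blob = stored.partition("}")
    if scheme != "{SSHA256":
        raise ValueError("unsupported storage scheme")
    raw = base64.b64decode(blob)
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)
```

Because each call draws a fresh salt, two users with the same password get different stored values. A single salted hash pass is fast to compute, so the salt defeats precomputed tables but does not slow offline guessing; iterated schemes exist for that purpose.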
You can use ODSM to display the list of password storage schemes, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Storage element.
The list of password storage schemes is displayed.
You can use ODSM to enable or disable a password storage scheme, as follows:
Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Storage element.
Select the password storage scheme that you want to enable or disable.
In the right hand pane, check or uncheck the Enabled box, as required.
Click Apply to save your changes.