Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1)
11. Managing Password Policies
All password policies involve the following configurable components:
Password complexity requirements. Specifies the composition of the password and its required number of characters. Typically, you would specify the minimum number of characters used in a password, the type of characters allowed, and the required number of numeric characters. For example, many institutions require a minimum of seven or eight characters, one numeral, one special character, as well as a mix of uppercase and lowercase letters.
Password history. Determines the number of unique passwords a user must use before an old password can be reused.
Maximum password age. Determines how long a password can be used before the user is allowed or required to change it.
Minimum password age. Determines how long a new password must be kept before the user can change it.
First Login. Determines if the user will be required to change his password upon first logging in to the system.
Authorized password change. Refers to the conditions under which a user can change his password. For example, before a user can change his password, the server can be configured to require the user to enter his current password to authenticate his identity before entering a new password.
Account lockout. Determines the conditions under which an account is disabled for access by the user. For example, if a user fails to properly authenticate after three attempts, then the server can be configured to lock the account on the fourth attempt. The administrator will be required to manually unlock the account for the user.
Password storage scheme. Determines how the password is to be encrypted and stored on the server. You can configure storage schemes for certain accounts on the server. For example, root user passwords require strong encryption due to the importance of the account and its privileges. Thus, you can configure the use of the SSHA-512 storage scheme to store root user passwords.
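To make the storage scheme component concrete, the following added example (not Oracle's code and not part of the original guide) builds and verifies a salted SHA-512 value in the conventional LDAP layout, base64(SHA-512(password || salt) || salt). The `{SSHA512}` tag, the 8-byte salt length and the function names are assumptions of this sketch, not values taken from the guide.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME_TAG = "{SSHA512}"  # assumed tag for this sketch (conventional LDAP label)
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes
SALT_LEN = 8  # assumed salt length for this sketch


def encode_ssha512(password: str, salt: Optional[bytes] = None) -> str:
    """Return tag + base64(SHA-512(password || salt) || salt)."""
    if salt is None:
        # A fresh random salt per password means two accounts with the
        # same password do not share the same stored value.
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SCHEME_TAG + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha512(password: str, stored: str) -> bool:
    """Check a candidate password against a stored salted SHA-512 value."""
    if not stored.startswith(SCHEME_TAG):
        return False  # different scheme or untagged value
    try:
        raw = base64.b64decode(stored[len(SCHEME_TAG):], validate=True)
    except ValueError:
        return False  # malformed base64 is rejected, not an exception
    if len(raw) <= DIGEST_LEN:
        return False  # no salt present, so this is not a salted value
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    first = encode_ssha512("Constructed-Passw0rd!")
    second = encode_ssha512("Constructed-Passw0rd!")
    print(first != second)                                  # salts differ
    print(verify_ssha512("Constructed-Passw0rd!", first))   # correct password
    print(verify_ssha512("wrong-guess", first))             # wrong password
```

The salt is stored alongside the digest, so verification needs no extra state beyond the stored value itself.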