
Administration Console Online Help


 


Domain-->Compatibility Security-->Passwords


Overview

WebLogic Server provides a set of attributes to protect user accounts from intruders. By default, these attributes are set for maximum protection. As a system administrator, you have the option of turning off all the attributes, increasing the number of login attempts before a user account is locked, increasing the time period in which invalid login attempts are made before locking the user account, and changing the amount of time a user account is locked. Use this tab to change these attributes. This tab applies to WebLogic Server deployments using Compatibility security. Remember that changing the attributes on this tab lessens security and leaves user accounts vulnerable to security attacks.

Tasks

Protecting User Accounts

Related Topics

Introduction to WebLogic Security

Managing WebLogic Security

Programming WebLogic Security

Developing Security Providers for WebLogic Server

Securing a WebLogic Server Deployment

Upgrading Security in WebLogic Server Version 6.x to WebLogic Server Version 7.0

Security FAQ

Attributes

| Attribute Label | Description | Value Constraints |
|---|---|---|
| Minimum Password Length | The minimum number of characters required in any domain password. | Minimum: 0; Default: 8; Configurable: yes; Readable: yes; Writable: yes |
| Lockout Enabled | Controls whether or not WebLogic Server tracks invalid login attempts and takes appropriate action. | Default: true; Readable: yes; Writable: yes |
| Lockout Threshold | Number of failed logins for a user that can be tried before that account is locked. Any subsequent attempts to access the account (even if the username/password combination is correct) cause a security exception. If a security exception occurs, the account remains locked until it is explicitly unlocked by the system administrator or another login attempt is made after the lockout duration period ends. Note that invalid login attempts must be made within a span defined by the Lockout Reset Duration attribute to count toward the value of the Lockout Threshold attribute. | Minimum: 1; Maximum: 99999; Default: 5; Configurable: yes; Readable: yes; Writable: yes |
| Lockout Duration | Number of minutes that a user's account remains inaccessible after being locked in response to several invalid login attempts within the amount of time specified in the LockoutResetDuration attribute. In order to unlock a user account, you must have the unlockuser permission for the Password Policy MBean. | Minimum: 0; Maximum: 999999; Default: 30; Configurable: yes; Readable: yes; Writable: yes |
| Lockout Reset Duration | Number of minutes within which the invalid login attempts must happen in order for the user's account to be locked. An account is locked if the number of invalid login attempts defined in the Lockout Threshold attribute happens within the amount of time defined by this field. | Minimum: 1; Maximum: 99999; Default: 5; Configurable: yes; Readable: yes; Writable: yes |
| Lockout Cache Size | Size of cache of unused invalid login attempts. | Minimum: 0; Maximum: 99999; Default: 5; Configurable: yes; Readable: yes; Writable: yes |
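
How Lockout Threshold, Lockout Reset Duration and Lockout Duration interact, as an added example that is not part of the original help page or of WebLogic Server's code: a small Python model using the default values listed above. The class and function names are hypothetical, and the model assumes that the failure which reaches the threshold locks the account, that a failure counts while it is less than the reset duration old, and that a successful login does not clear earlier failures.

```python
from collections import defaultdict

class LockoutPolicy:
    """Toy model of the lockout attributes; defaults are the page's defaults."""
    # Assumptions (not from the page): lock on the failure that reaches the
    # threshold; window test is now - t < reset; success keeps old failures.
    def __init__(self, enabled=True, threshold=5, reset_minutes=5, duration_minutes=30):
        self.enabled = enabled
        self.threshold = threshold
        self.reset_minutes = reset_minutes
        self.duration_minutes = duration_minutes
        self.failures = defaultdict(list)   # user -> times of recent invalid logins
        self.locked_at = {}                 # user -> minute the account was locked

    def unlock(self, user):
        """Explicit unlock by an administrator."""
        self.locked_at.pop(user, None)
        self.failures.pop(user, None)

    def attempt(self, user, now, password_ok):
        """Return 'ok', 'invalid' or 'locked' for a login at minute `now`."""
        if not self.enabled:
            return "ok" if password_ok else "invalid"
        if user in self.locked_at:
            if now - self.locked_at[user] < self.duration_minutes:
                return "locked"             # rejected even with the correct password
            self.unlock(user)               # lockout duration has ended
        if password_ok:
            return "ok"
        # Only failures inside the reset window count toward the threshold.
        recent = [t for t in self.failures[user] if now - t < self.reset_minutes]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.threshold:
            self.locked_at[user] = now
            return "locked"
        return "invalid"

def replay(policy, events):
    """Run constructed (user, minute, password_ok) events; return the outcomes."""
    return [policy.attempt(u, t, ok) for u, t, ok in events]

# Constructed sample: five bad passwords in two minutes, then correct ones.
BURST = [("alice", m, False) for m in (0.0, 0.5, 1.0, 1.5, 2.0)]
BURST += [("alice", 3.0, True), ("alice", 33.0, True)]
# Constructed sample: five failures spread over eight minutes.
SLOW = [("bob", m, False) for m in (0, 2, 4, 6, 8)]

if __name__ == "__main__":
    print(replay(LockoutPolicy(), BURST))
    print(replay(LockoutPolicy(), SLOW))
```

In the second sample no more than three failures ever fall inside the 5-minute window, so the account is never locked; raising the threshold or shortening the reset duration widens that gap.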



 
