bea.com | products | dev2dev | support | askBEA
 Download Docs   Site Map   Glossary 
Search
e-docs > WebLogic Server > WebLogic Server Configuration Reference > PasswordPolicy

WebLogic Server Configuration Reference

 Previous Next Contents Index View as PDF  

PasswordPolicy

Syntax

<!ELEMENT PasswordPolicy EMPTY >
<!ATTLIST PasswordPolicy
   LockoutCacheSize           CDATA                    "5"
   LockoutDuration            CDATA                    "30"
   LockoutEnabled             (true | false)           "true"
   LockoutGCThreshold         CDATA                    "400"
   LockoutResetDuration       CDATA                    "5"
   LockoutThreshold           CDATA                    "5"
   MinimumPasswordLength      CDATA                    "8"
   Name                       CDATA                    #REQUIRED
   Notes                      CDATA                    #IMPLIED
>

Parent Elements

The PasswordPolicy element is a child of the Domain element.

Attributes

Table 57-1 PasswordPolicyMBean Element Attributes

Attribute

Description

Range of Values and Default

Console Label

Lockout-Cache-Size

Size of cache of unused invalid login attempts.

Default: 5

Minimum: 0

Maximum: 99999

Lockout Cache Size

Lockout-Duration

Number of minutes that a user's account remains inaccessible after being locked in response to several invalid login attempts within the amount of time specified in the LockoutResetDurationattribute. In order to unlock a user account, you must have the unlockuser permission for the Password Policy MBean.

Default: 30

Minimum: 0

Maximum: 999999

Lockout Duration

Lockout-Enabled

Controls whether or not WebLogic Server tracks invalid login attempts and takes appropriate action.

Default: true

Lockout Enabled

Lockout-GCThreshold

If the number of current invalid login attempts is equal to or great than this attribute, WebLogic Server deletes any expired records from the cache. The lower the value of this attribute, the more often WebLogic Server clears the cache. This may impact the performance of WebLogic Server. Set the attribute accordingly.

Default: 400

Minimum: 0

Maximum: 999999

Lockout GCThreshold

Lockout-Reset-Duration

Number of minutes within which the invalid login attempts must happen in order for the user's account to be locked.

An account is locked if the number of invalid login attempts defined in the Lockout Thresholdattribute happens within the amount of time defined by this field.

Default: 5

Minimum: 1

Maximum: 99999

Lockout Reset Duration

Lockout-Threshold

Number of failed logins for a user that can be tried before that account is locked. Any subsequent attempts to access the account (even if the username/password combination is correct) cause a security exception. If a security exception occurs, the account remains locked until it is explicitly unlocked by the system administrator or another login attempt is made after the lockout duration period ends. Note that invalid login attempts must be made within a span defined by the Lockout Reset Duration attribute to count toward the value of the Lockout Thresholdattribute.

Default: 5

Minimum: 1

Maximum: 99999

Lockout Threshold

Minimum-Password-Length

The minimum number of characters required in any domain password.

Default: 8

Minimum: 0

Minimum Password Length

Name

The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.


Name

Notes

Optional information that you can include to describe this configuration.


Notes

 

 

Back to Top Previous Next