Bookshelf Home | Contents | Index | PDF |
Siebel Security Guide > Security Features of Siebel Web Server Extension > Login Security Features > Account Policies and Password ExpirationFor enhanced security, you might want to implement the following account policies. Account policies are functions of your authentication service. If you want to implement account policies, then you are responsible for setting them up through administration features provided by the authentication service vendor.
About Password ExpirationPassword expiration can be implemented in the following authentication strategies:
If you are using an LDAP or ADSI security adapter, then password expiration is handled by the external LDAP directory or Active Directory, and is subject to the configuration of this behavior for the third-party directory product. For example, when a password is about to expire, the directory might provide warning messages to the Siebel application to display when the user logs in. Such a warning would indicate the user's password is about to expire and must be changed. If the user ignores such warnings and allows the password to expire, then the user might be required to change the password before logging into the application. Or, the user might be locked out of the application once the password has expired. Password expiration configuration steps for each directory vendor will vary. For more information, see the documentation provided with your directory product. More information about password expiration for use with Active Directory is provided below. Password Expiration on Active DirectoryOn Active Directory, factors that affect the password state include the following attributes and parameters:
When you configure password expiration for Active Directory, you add the parameter Password Expire Warn Days (alias PasswordExpireWarnDays) to the ADSI security adapter. Set the value to the number of days you want to provide a warning message before a user's password expires. NOTE: The attributes Password Never Expires and User Must Change Password at Next Logon are mutually exclusive, and cannot both be checked for a user. The state of each user's password is determined by the following logic:
NOTE: Confirm all third-party directory product behavior and configuration with your third-party documentation. |
Siebel Security Guide | Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |