Go to main content

Oracle® ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 3.2.x

Exit Print View

Updated: April 2018
 
 

Modify Password Policy Restrictions for Local Users

Before You Begin

  • The Admin (a) role is required to configure the Password Policy properties.

  • The Password Policy applies only to local user accounts. It has no impact on remote user authentication service accounts like LDAP or Active Directory.

  • The Pasword Minimum Length property, by default, is set to eight characters. When the minimum length is set to less than eight characters, the password policy is considered weak. To ensure greater security, set the minimum password length value from eight to sixteen characters.

  • Upon saving changes to the password policy properties, the following will occur:

    • All local user account configurations are deleted from Oracle ILOM.

    • The default local user account (root) shipped with the system is restored.

    • On the initial log in of root, the root user is prompted to change the root-account-password.

Follow these steps to set a password policy for all local user accounts.

  1. View the current Password Policy properties in Oracle ILOM:
    • Web: Click ILOM Administration > User Management > Password Policy.
    • CLI: Type the following command string:

      show /SP/preferences/password_policy

  2. Modify, as required, the applicable Password Policy properties:
    • Web: Perform the following steps:
      1. In the Minimum Length text box, if necessary, modify the default value of eight password characters.

        Note -  The minimum password length can be set from 1 to 16 characters depending on the needs of your organization. However, when greater security is required, the Minimum Length property should always be set to a value from 8 to16 characters.
      2. Configure the Password Policy check box properties as required.

        To enable a check box property, select the check box. To disable a check box property, clear the check box.

        For a description of each Password Policy property, see Figure 17, Table 17, Management Properties for Password Policy.

      3. Click Save to save the changes.
        • If the Minimum Length property is set to eight or more characters. The following message appears:

          Clicking 'OK' will cause all user accounts to be deleted and restored to factory defaults. Click 'Cancel' to not change the password policy and keep current user accounts.

          -or-

        • If the Minimum Lenght property is set to less than eight charactors The following messages appear:

          Warning: A password length less than 8 is considered weak. Do you want to continue?

          If you click OK to continue, the following message appears:

          Clicking 'OK' will cause all user accounts to be deleted and restored to factory defaults. Click 'Cancel' to not change the password policy and keep current user accounts.

      4. Click OK to continue saving your changes and to update the password policy restrictions; otherwise, click Cancel.

        If you click OK, all user-defined local account configurations are deleted and the default root account is restored to its default password.

    • CLI: Perform the following steps:
      1. Type the following command string:

        set /SP/preferences/password_policy/policy=[min_length].[restrictions]

        where:

        • min_length = Minimum password length of 1 to 16 characters. (Required)


          Note -  The Pasword Minimum Length property, by default, is set to eight characters. When the minimum length is set to less than eight characters, the password policy is considered weak. To ensure greater security, set the minimum password length value from eight to sixteen characters.
        • . = A separator (period) following the minimum length value (Required)

        • restrictions = One or more of the following charcters:

          • u = at least one uppercase letter is required in password (Optional)

          • l = at least one lowercase letter is required in password (Optional)

          • n = at least one number is required in password (Optional)

          • s = at least one symbol is required in password (Optional)

          • h = password history check is enabled (Optional)

        Example:

        To set the password policy properties for maximum length of 10 and to require at least one uppercase letter and number, you would type:

        set /SP/preferences/password_policy/policy=10.un

        For a description of each password policy property, see Figure 17, Table 17, Management Properties for Password Policy.

      2. Press Enter.
        • If the Minimum Length property is set to eight or more characters. The following message appears:

          All user accounts will be deleted. The system will restore factory default users. Do you want to continue (y/n)?

          -or-

        • If the Minimum Lenght property is set to less than eight charactors The following messages appear:

          Warning: a password length less than 8 is considered weak. Do you want to continue (y/n)? y

          If you type y to continue, the following message appears:

          All user accounts will be deleted. The system will restore factory default users. Do you want to continue (y/n)?

      3. Type Y to save the updated password policy restrictions; otherwise, type N to cancel the changes.

        If you type Y, all user-defined local account configurations are deleted and the default root account is restored to its default password.

Related Information:

Password Policy Management Properties and Defaults

The following table describes the CLI and web properties for the Oracle ILOM Password Policy feature.

Table 17  Management Properties for Password Policy
Property
Default
Description
Minimum Length
(1-16)
8
Any value from 1 to 16
The Minimum Length property defines the minimum number of characters that a local user account password must contain to be policy compliant.

Note -  A password minimum length that is set to less than eight characters is considered a weak password policy.

Uppercase Letters
(u)
Disabled, no restrictions
Disabled (no restrictions) | Enabled (requires at least 1),
The Uppercase Letters property controls whether a local user account password must contain at least one uppercase letter to be policy compliant.
By default, Oracle ILOM does not require the use of an uppercase letter in the local user account password. System administrators can enforce local users to include at least one uppercase letter in their password by enabling the Uppercase Letters property.
Lowercase Letters
(l)
Disabled, no restrictions
Disabled (no restrictions) | Enabled (requires at least 1)
The Lowercase Letters property controls whether a local user account password must contain at least one lowercase letter to be policy compliant.
By default, Oracle ILOM does not require the use of a lowercase letter in the local user account password. System administrators can enforce local users to include at least one lowercase letter in their password by enabling the Lowercase Letters property.
Numbers
(n)
Disabled, no restrictions
Disabled (no restrictions) | Enabled (requires at least 1)
The Numbers property controls whether a local user account password must contain at least one numeric character to be policy compliant.
By default, Oracle ILOM does not require the use of a numeric character in the local user account password. System administrators can enforce local users to include at least one numeric character in their password by enabling the Numbers property.
Symbols
(s)
Disabled, no restrictions
Disabled (no restrictions) | Enabled (requires at least 1)
Symbols permitted include: ! @ # $ % ^ & * ( )
The Symbols property controls whether a local user account password must contain at least one symbol character to be policy compliant.
By default, Oracle ILOM does not require the use of a symbol in the local user account password. System administrators can enforce local users to include at least one symbol character in their password by enabling the Symbols property.

Note -  Extended ASCII symbols and colons (:) are not acceptable password characters.

History
(h)
Disabled, no restrictions
Disabled (no restrictions) | Enabled (cannot use 5 previous passwords).
The History property controls whether Oracle ILOM prevents local users from using their last five passwords.
By default, Oracle ILOM does not restrict local users from reusing any of their last five passwords. System administrators can prevent local users from reusing their previous passwords by enabling the History property.