| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
 Previous |
 Next |
View PDF |
| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
Previous |
Next |
View PDF |
It is recommended that a password management policy is implemented in all Siebel Business Applications implementations to ensure that only authorized users can access the applications. The password management policy that is most appropriate varies according to site-specific variables, such as the size of the implementation and users' business needs. However, all password management policies ought to provide guidelines relating to how frequently end users must change their passwords, whether or not password expiry periods are enforced, and the circumstances in which passwords must be changed.
Password management policies must also be applied to accounts that are used to manage and maintain the Siebel implementation, such as the Siebel administrator account. The topics in this chapter provide information on changing and managing the passwords for these accounts. For information on how end users can change their passwords, see "Changing a Password". For additional information on implementing password management policies, see Siebel Security Hardening Guide.
|
Note: Use the configuration wizards installed with Siebel Business Applications to perform the initial configuration of the Gateway Name Server, Siebel Server, and Web server. This initial configuration process includes specifying names and passwords for accounts described in this chapter, and choosing whether or not to encrypt passwords. Using the configuration wizards simplifies the task of setting password-related values for accounts and reduces configuration errors. |
Before changing passwords in your environment, review the following general points:
For end users, the availability of the Password and Verify Password fields in the Siebel application (User Preferences screen, User Profile view) depends on several factors:
For an environment using Lightweight Directory Access Protocol (LDAP) or Active Directory Service Interfaces (ADSI) authentication, the underlying security mechanism must allow this functionality. See also "Requirements for the LDAP Directory or Active Directory".
In addition, the Propagate Change parameter (alias PropagateChange) must be TRUE for the LDAP or ADSI security adapter (default is TRUE). For Siebel Developer Web Clients, the system preference, SecThickClientExtAuthent, must also be TRUE. For more information, see Chapter 5, "Security Adapter Authentication."
For an environment using database authentication, the Propagate Change parameter (alias DBSecAdpt_PropagateChange) must be TRUE for the database security adapter. The default is FALSE for the parameter defined in the Siebel Gateway Name Server, FALSE for the same parameter defined in application configuration files for the Developer Web Client. For more information, see Chapter 5, "Security Adapter Authentication."
If you are using a third-party load balancer for Siebel Server load balancing, then make sure load-balancer administration passwords are set. Also make sure that the administrative user interfaces for your load-balancer products are securely protected.
If you set and change passwords at the Siebel Enterprise level, then the changes are inherited at the component level. However, if you set a password parameter at the component level, then from that point forward, the password can be changed only at the component level. Changing it at the Enterprise level does not cause the new password to be inherited at the component level, unless the override is deleted at the component level. For more information, see Siebel System Administration Guide.
For information about changing the local DBA password on Mobile Web Clients, see Siebel Remote and Replication Manager Administration Guide. For information about configuring and using hashed user passwords and database credentials passwords through your security adapter, see "About Password Hashing".
It is recommended that you implement a password policy in your organization that defines the requirements for creating and changing Siebel passwords. For example:
The password value must not be the same as the user name.
Password values must be a minimum length, usually 8 characters.
Password values must include a variety of supported characters.
Siebel CRM supports the use of the following characters in passwords:
The alphabetic characters a to z (uppercase and lowercase)
The numerals 0 to 9
The following special characters:
Number sign (#)
Dollar sign ($)
You cannot use the special characters shown in Table 3-1 when creating or changing passwords used in your Siebel implementation.
|
Note: The ADSI security adapter and the LDAP security adapter used with the Oracle LDAP Client allow special characters in passwords, including characters not supported in Siebel passwords. |
Table 3-1 Special Characters Not Supported in Siebel Passwords
| Character | Description | Hexadecimal |
|---|---|---|
|
! |
exclamation point |
21 |
|
" |
double quote |
22 |
|
% |
Percent sign |
25 |
|
& |
ampersand |
26 |
|
' |
Single quote |
27 |
|
( |
Left parenthesis |
28 |
|
) |
Right parenthesis |
29 |
|
* |
Asterisk (star) |
2A |
|
+ |
Plus |
2B |
|
, |
Comma |
2C |
|
- |
Minus (hyphen) |
2D |
|
. |
Period |
2E |
|
/ |
Forward slash |
2F |
|
: |
Colon |
3A |
|
; |
Semi-colon |
3B |
|
< |
Less-than sign |
3C |
|
= |
Equal sign |
3D |
|
> |
Greater-than sign |
3E |
|
? |
Question mark |
3F |
|
@ |
At-sign |
40 |
|
[ |
Left square bracket |
5B |
|
\ |
Back slash |
5C |
|
] |
Right square bracket |
5D |
|
^ |
Caret |
5E |
|
_ |
Underscore |
5F |
|
` |
Grave accent |
60 |
|
{ |
Left curly brace |
7B |
|
| |
Vertical bar |
7C |
|
} |
Right curly brace |
7D |
|
~ |
tilde |
7E |
|
´ |
Acute accent |
B4 |
