Password Policy

Both the Admin Security and Admin Security ACP licenses support the creation of a password policy that enhances the authentication process by imposing requirements for:

  • password length
  • password strength
  • password history and re-use
  • password expiration and grace period

The Admin Security and Admin Security ACP licenses both work to increase the security of the Oracle® Enterprise Session Border Controller (SBC). If a device already has an Admin Security license installed, you can add an Admin Security ACP license later in certain high-security environments. Both licenses may co-exist on a single device, or either license may be on the device alone. An Admin Security ACP license performs the same functions as an Admin Security license, but also allows access to the ACP ports blocked by an Admin Security license.

The Admin Security license restricts access to the ACP ports and mandates the following password length/strength requirements:

  • user password must contain at least 9 characters
  • admin password must contain at least 15 characters
  • passwords must contain at least 2 lower case alphabetic characters
  • passwords must contain at least 2 upper case alphabetic characters
  • passwords must contain at least 2 numeric characters
  • passwords must contain at least 2 special characters
  • passwords must differ from the prior password by at least 4 characters
  • passwords cannot contain, repeat, or reverse the user name
  • passwords cannot contain three consecutive identical characters

The Admin Security ACP license imposes the same password length/strength requirements as above except for the minimum length requirement, and also maintains or reopens access to the ACP ports.
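
The Admin Security license rules listed above can be expressed as a checker, for example to pre-validate credentials before provisioning. This Python code is an added example, not Oracle's implementation or part of the original page. The function names and the enforce_length switch (which models the ACP license dropping the minimum length) are hypothetical, and three readings are assumptions: "differ by at least 4 characters" is measured position by position, "special" means anything that is not an ASCII letter or digit, and user name matching ignores case.

```python
import re

# Minimum lengths stated on the page for the Admin Security license.
MIN_LENGTH = {"user": 9, "admin": 15}

# Assumption: "special" is any character that is not an ASCII letter or digit.
CHARACTER_CLASSES = {
    "lower case": r"[a-z]",
    "upper case": r"[A-Z]",
    "numeric": r"[0-9]",
    "special": r"[^A-Za-z0-9]",
}


def count_differences(new, old):
    """Assumed metric: positions that differ, plus any difference in length."""
    differing = sum(1 for a, b in zip(new, old) if a != b)
    return differing + abs(len(new) - len(old))


def check_password(password, username, role="user", previous=None,
                   enforce_length=True):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    if enforce_length and len(password) < MIN_LENGTH[role]:
        problems.append(f"shorter than {MIN_LENGTH[role]} characters")
    for name, pattern in CHARACTER_CLASSES.items():
        if len(re.findall(pattern, password)) < 2:
            problems.append(f"fewer than 2 {name} characters")
    if previous is not None and count_differences(password, previous) < 4:
        problems.append("differs from prior password by fewer than 4 characters")
    # Assumption: the user name check is case-insensitive; a repeated user
    # name necessarily contains the user name, so "contain" covers "repeat".
    lowered, user = password.lower(), username.lower()
    if user and (user in lowered or user[::-1] in lowered):
        problems.append("contains the user name or its reverse")
    if re.search(r"(.)\1\1", password):
        problems.append("three consecutive identical characters")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for pw, role in [("Tr7!vq9#Lm", "user"), ("Tr7!vq9#Lm", "admin"),
                     ("AAAbc12!#de", "user")]:
        print(role, pw, check_password(pw, "jsmith", role=role))
```
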

Enabling the password-strength command as part of the Admin Security ACP license also imposes these requirements:

  • passwords cannot contain two or more characters from the user ID
  • passwords cannot contain a sequence of three or more characters from any password contained in the password history cache
  • passwords cannot contain a sequence of two or more characters more than once
  • passwords cannot contain either sequential numbers or characters, or repeated characters more than once

In the absence of the Admin Security ACP license, retain the default password-strength value (disabled). With the Admin Security ACP license installed, use enabled to add the new password requirements listed above; use disabled to retain only the password requirements defined by the Admin Security license.

Some password policy properties, specifically those regarding password lifetime and expiration procedures, also apply to SSH public keys used to authenticate client users.