Oracle® ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 4.0.x

Updated: July 2020
 
 

Modify Password Policy Restrictions for Local Users

Before You Begin

  • The Admin (a) role is required to configure the Password Policy properties.

  • The Password Policy applies only to local user accounts. It has no impact on remote user authentication service accounts like LDAP or Active Directory.

  • The Password Minimum Length property, by default, is set to eight characters. When the minimum length is set to less than eight characters, the password policy is considered weak. To ensure greater security, set the minimum password length value from eight to sixteen characters.

  • Upon saving changes to the password policy properties, the following will occur:

    • All local user account configurations are deleted from Oracle ILOM.

    • The default local user account (root) shipped with the system is restored.

    • On the initial login of root, the root user is prompted to change the root-account-password.

Follow these steps to set a password policy for all local user accounts.

  1. View the current Password Policy properties in Oracle ILOM:
    • Web: Click ILOM Administration > User Management > Password Policy.
    • CLI: Type the following command string:

      show /SP/preferences/password_policy

  2. Modify, as required, the applicable Password Policy properties:
    • Web: Perform the following steps:
      1. In the Minimum Length text box, if necessary, modify the default value of eight password characters.

        Note -  The minimum password length can be set from 1 to 16 characters depending on the needs of your organization. However, when greater security is required, the Minimum Length property should always be set to a value from 8 to 16 characters.
      2. Configure the Password Policy check box properties as required.

        To enable a check box property, select the check box. To disable a check box property, clear the check box.

        For a description of each Password Policy property, see Table 17, Management Properties for Password Policy.

      3. Click Save to save the changes.
        • If the Minimum Length property is set to eight or more characters, the following message appears:

          Clicking 'OK' will cause all user accounts to be deleted and restored to factory defaults. Click 'Cancel' to not change the password policy and keep current user accounts.

          -or-

        • If the Minimum Length property is set to less than eight characters, the following messages appear:

          Warning: A password length less than 8 is considered weak. Do you want to continue?

          If you click OK to continue, the following message appears:

          Clicking 'OK' will cause all user accounts to be deleted and restored to factory defaults. Click 'Cancel' to not change the password policy and keep current user accounts.

      4. Click OK to continue saving your changes and to update the password policy restrictions; otherwise, click Cancel.

        If you click OK, all user-defined local account configurations are deleted and the default root account is restored to its default password.

    • CLI: Perform the following steps:
      1. Type the following command string:

        set /SP/preferences/password_policy/policy=[min_length].[restrictions]

        where:

        • min_length = Minimum password length of 1 to 16 characters. (Required)


          Note -  The Password Minimum Length property, by default, is set to eight characters. When the minimum length is set to less than eight characters, the password policy is considered weak. To ensure greater security, set the minimum password length value from eight to sixteen characters.
        • . = A separator (period) following the minimum length value (Required)

        • restrictions = One or more of the following characters:

          • u = at least one uppercase letter is required in password (Optional)

          • l = at least one lowercase letter is required in password (Optional)

          • n = at least one number is required in password (Optional)

          • s = at least one symbol is required in password (Optional)

          • h = password history check is enabled (Optional)

        Example:

        To set the password policy properties for a minimum length of 10 and to require at least one uppercase letter and number, you would type:

        set /SP/preferences/password_policy/policy=10.un

        For a description of each password policy property, see Table 17, Management Properties for Password Policy.

      2. Press Enter.
        • If the Minimum Length property is set to eight or more characters, the following message appears:

          All user accounts will be deleted. The system will restore factory default users. Do you want to continue (y/n)?

          -or-

        • If the Minimum Length property is set to less than eight characters, the following messages appear:

          Warning: a password length less than 8 is considered weak. Do you want to continue (y/n)? y

          If you type y to continue, the following message appears:

          All user accounts will be deleted. The system will restore factory default users. Do you want to continue (y/n)?

      3. Type Y to save the updated password policy restrictions; otherwise, type N to cancel the changes.

        If you type Y, all user-defined local account configurations are deleted and the default root account is restored to its default password.

Related Information:

Password Policy Management Properties and Defaults

The following table describes the CLI and web properties for the Oracle ILOM Password Policy feature.

Table 17  Management Properties for Password Policy

  • Minimum Length (1-16)

    Default: 8

    Description: Any value from 1 to 16. The Minimum Length property defines the minimum number of characters that a local user account password must contain to be policy compliant.

    Note -  A password minimum length that is set to less than eight characters is considered a weak password policy.

  • Uppercase Letters (u)

    Default: Disabled, no restrictions

    Description: Disabled (no restrictions) | Enabled (requires at least 1). The Uppercase Letters property controls whether a local user account password must contain at least one uppercase letter to be policy compliant.

    By default, Oracle ILOM does not require the use of an uppercase letter in the local user account password. System administrators can enforce local users to include at least one uppercase letter in their password by enabling the Uppercase Letters property.

  • Lowercase Letters (l)

    Default: Disabled, no restrictions

    Description: Disabled (no restrictions) | Enabled (requires at least 1). The Lowercase Letters property controls whether a local user account password must contain at least one lowercase letter to be policy compliant.

    By default, Oracle ILOM does not require the use of a lowercase letter in the local user account password. System administrators can enforce local users to include at least one lowercase letter in their password by enabling the Lowercase Letters property.

  • Numbers (n)

    Default: Disabled, no restrictions

    Description: Disabled (no restrictions) | Enabled (requires at least 1). The Numbers property controls whether a local user account password must contain at least one numeric character to be policy compliant.

    By default, Oracle ILOM does not require the use of a numeric character in the local user account password. System administrators can enforce local users to include at least one numeric character in their password by enabling the Numbers property.

  • Symbols (s)

    Default: Disabled, no restrictions

    Description: Disabled (no restrictions) | Enabled (requires at least 1). Symbols permitted include: ! @ # $ % ^ & * ( )

    The Symbols property controls whether a local user account password must contain at least one symbol character to be policy compliant.

    By default, Oracle ILOM does not require the use of a symbol in the local user account password. System administrators can enforce local users to include at least one symbol character in their password by enabling the Symbols property.

    Note -  Extended ASCII symbols and colons (:) are not acceptable password characters.

  • History (h)

    Default: Disabled, no restrictions

    Description: Disabled (no restrictions) | Enabled (cannot use 5 previous passwords). The History property controls whether Oracle ILOM prevents local users from using their last five passwords.

    By default, Oracle ILOM does not restrict local users from reusing any of their last five passwords. System administrators can prevent local users from reusing their previous passwords by enabling the History property.
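
The policy string from the CLI step ([min_length].[restrictions]) and the rules in Table 17 can be checked offline before a change is saved. The Python below is an added example, not Oracle code: it parses a policy string, lists what the policy leaves unenforced, and tests a candidate password against it. The function names are hypothetical, the parser's strictness is an assumption, and password history is modelled as a plain list (newest last) purely for illustration.

```python
import re
import string

SYMBOLS = set("!@#$%^&*()")  # symbols Table 17 lists as permitted

# restriction character -> (label, test applied to the candidate password)
CLASSES = {
    "u": ("uppercase letter", lambda p: any(c in string.ascii_uppercase for c in p)),
    "l": ("lowercase letter", lambda p: any(c in string.ascii_lowercase for c in p)),
    "n": ("number", lambda p: any(c in string.digits for c in p)),
    "s": ("symbol", lambda p: any(c in SYMBOLS for c in p)),
}

def parse_policy(policy):
    """Split '[min_length].[restrictions]' into (min_length, set of flags)."""
    m = re.fullmatch(r"(\d{1,2})\.([ulnsh]*)", policy)
    if not m or not 1 <= int(m.group(1)) <= 16:
        raise ValueError(f"not a valid policy string: {policy!r}")
    return int(m.group(1)), set(m.group(2))

def audit_policy(policy):
    """Findings a reviewer would raise about the policy itself."""
    min_length, flags = parse_policy(policy)
    findings = []
    if min_length < 8:
        findings.append("weak: minimum length below 8")
    findings += [f"no {CLASSES[f][0]} required" for f in "ulns" if f not in flags]
    if "h" not in flags:
        findings.append("history check disabled")
    return findings

def check_password(password, policy, previous=()):
    """Violations of `policy` by `password`; an empty list means compliant."""
    min_length, flags = parse_policy(policy)
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Table 17 note: extended ASCII symbols and colons are not acceptable.
    if ":" in password or any(ord(c) > 127 for c in password):
        problems.append("contains a colon or extended ASCII character")
    problems += [f"missing {CLASSES[f][0]}" for f in "ulns"
                 if f in flags and not CLASSES[f][1](password)]
    # Assumption: history is a plaintext list here, newest entry last.
    if "h" in flags and password in list(previous)[-5:]:
        problems.append("matches one of the last five passwords")
    return problems

if __name__ == "__main__":
    print(audit_policy("10.un"))                 # the page's example policy
    print(check_password("Sp4rc:adm", "10.un"))  # constructed sample password
```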