Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01
It is recommended that a password management policy is implemented in all Siebel Business Applications implementations to ensure that only authorized users can access the applications. The password management policy that is most appropriate varies according to site-specific variables, such as the size of the implementation and users' business needs. However, all password management policies ought to provide guidelines relating to how frequently end users must change their passwords, whether or not password expiry periods are enforced, and the circumstances in which passwords must be changed.
Password management policies must also be applied to accounts that are used to manage and maintain the Siebel implementation, such as the Siebel administrator account. The topics in this chapter provide information on changing and managing the passwords for these accounts. For information on how end users can change their passwords, see "Changing a Password". For additional information on implementing password management policies, see "Defining Password Management Procedures".
Note: Use the Siebel Management Console installed with Siebel Business Applications to perform the initial configuration of Siebel Gateway, Siebel Server, and Web server. This initial configuration process includes specifying names and passwords for accounts described in this chapter, and choosing whether or not to encrypt passwords. Using the Siebel Management Console simplifies the task of setting password-related values for accounts and reduces configuration errors.
Before changing passwords in your environment, review the following general points:
- For end users, the availability of the Password and Verify Password fields in the Siebel application (User Preferences screen, User Profile view) depends on several factors:
  - For an environment using Lightweight Directory Access Protocol (LDAP) authentication, the underlying security mechanism must allow this functionality. See also "Requirements for the LDAP Directory".

    In addition, the Propagate Change parameter must be TRUE for the LDAP security adapter. The default value is TRUE. For Siebel Developer Web Clients, the system preference, SecThickClientExtAuthent, must also be TRUE. For more information, see Chapter 5, "Security Adapter Authentication".
  - For an environment using database authentication, the Database Security Adapter Propagate Changes parameter must be TRUE for the database security adapter. The default value is FALSE. For more information, see Chapter 5, "Security Adapter Authentication".
- If you are using a third-party load balancer for Siebel Server load balancing, then make sure load-balancer administration passwords are set. Also make sure that the administrative user interfaces for your load-balancer products are securely protected.
- If you set and change passwords at the Siebel Enterprise level, then the changes are inherited at the component level. However, if you set a password parameter at the component level, then from that point forward, the password can be changed only at the component level. Changing it at the Enterprise level does not cause the new password to be inherited at the component level, unless the override is deleted at the component level. For more information, see Siebel System Administration Guide.
For information about changing the local DBA password on Mobile Web Clients, see Siebel Remote and Replication Manager Administration Guide. For information about configuring and using hashed user passwords and database credentials passwords through your security adapter, see "About Password Hashing".
It is recommended that you implement a password policy in your organization that defines the requirements for creating and changing Siebel passwords. For example:
- The password value must not be the same as the user name.
- Password values must be a minimum length, usually 8 characters.
- Password values must include a variety of supported characters.

Siebel CRM supports the use of the following characters in passwords:

- The alphabetic characters a to z (uppercase and lowercase).
- The numerals 0 to 9.
- The following special characters: Number sign (#).
You cannot use the special characters shown in Table 3-1 when creating or changing passwords used in your Siebel implementation.
Note: The LDAP security adapter used with Siebel Business Applications allows special characters in passwords, including characters not supported in Siebel passwords.
Table 3-1 Special Characters Not Supported in Siebel Passwords
Character | Description | Hexadecimal |
---|---|---|
! | Exclamation point | 21 |
" | Double quote | 22 |
$ | Dollar sign | 24 |
% | Percent sign | 25 |
& | Ampersand | 26 |
' | Single quote | 27 |
( | Opening parenthesis | 28 |
) | Closing parenthesis | 29 |
* | Asterisk (star) | 2A |
+ | Plus | 2B |
, | Comma | 2C |
- | Minus (hyphen) | 2D |
. | Period | 2E |
/ | Forward slash | 2F |
: | Colon | 3A |
; | Semi-colon | 3B |
< | Less-than sign | 3C |
= | Equal sign | 3D |
> | Greater-than sign | 3E |
? | Question mark | 3F |
@ | At-sign | 40 |
[ | Opening bracket | 5B |
\ | Back slash | 5C |
] | Closing bracket | 5D |
^ | Caret | 5E |
_ | Underscore | 5F |
` | Grave accent | 60 |
{ | Opening brace | 7B |
\| | Vertical bar | 7C |
} | Closing brace | 7D |
~ | Tilde | 7E |
´ | Acute accent | B4 |
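
The policy points and Table 3-1 can be enforced before a password is set. The following is an added example, not Oracle's code: a checker that reports Table 3-1 characters with their hexadecimal values, and a generator restricted to the supported alphabet. The 3-of-4 character-class rule, the case-insensitive user-name comparison, and all function names are assumptions made for this example.

```python
import math
import secrets
import string

# Supported per the page: a-z, A-Z, 0-9 and the number sign (#).
SUPPORTED = string.ascii_letters + string.digits + "#"
# Table 3-1: characters that cannot be used in Siebel passwords.
UNSUPPORTED = set("!\"$%&'()*+,-./:;<=>?@[\\]^_`{|}~\u00b4")
MIN_LENGTH = 8  # the page's "usually 8 characters"; raise to match site policy


def check_password(username, password, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means the value passes."""
    problems = []
    # Compared case-insensitively, which is stricter than the page requires (assumption).
    if password.lower() == username.lower():
        problems.append("same as the user name")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    bad = sorted(set(password) & UNSUPPORTED)
    if bad:
        listed = ", ".join(f"{c!r} (hex {ord(c):02X})" for c in bad)
        problems.append(f"characters from Table 3-1: {listed}")
    if set(password) - UNSUPPORTED - set(SUPPORTED):
        problems.append("characters outside the documented supported set")
    # "Variety" read as at least 3 of the 4 supported classes (assumption, not Siebel's rule).
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "#"]
    if sum(any(c in cls for c in password) for cls in classes) < 3:
        problems.append("fewer than 3 of: lowercase, uppercase, digit, #")
    return problems


def generate_password(length=16):
    """Draw from the supported alphabet with a CSPRNG until the policy check passes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(SUPPORTED) for _ in range(length))
        if not check_password("", candidate):
            return candidate


def entropy_bits(length):
    """Approximate entropy of a uniformly random password over the 63 supported characters."""
    return length * math.log2(len(SUPPORTED))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for user, pw in [("SADMIN", "sadmin"), ("jdoe", "P@ssw0rd_2024"), ("jdoe", "Winter#2024x")]:
        print(user, repr(pw), check_password(user, pw) or "OK")
    print(generate_password(), f"{entropy_bits(16):.1f} bits at length 16")
```

Because only 63 characters are usable, each random character contributes just under 6 bits, so an 8-character value carries about 47.8 bits and length has to make up for the restricted alphabet.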