Password Policy Management Properties and Defaults

The following tables describe the CLI and web interface properties for Oracle ILOM Password Settings and Account Locking.

Table 3-10 Password Settings Configuration Properties

Property Default Description

Minimum Length

(1-16)

8

Any value from 1 to 16

The Minimum Length property defines the minimum number of characters that a local user account password must contain to be policy compliant.

Note. A password minimum length that is set to less than eight characters is considered a weak password policy.

Uppercase Letters

(u)

Disabled, no restrictions

Disabled (no restrictions) | Enabled (requires at least 1)

The Uppercase Letters property controls whether a local user account password must contain at least one uppercase letter to be policy compliant.

By default, Oracle ILOM does not require the use of an uppercase letter in the local user account password. System administrators can require local users to include at least one uppercase letter in their password by enabling the Uppercase Letters property.

Lowercase Letters

(l)

Disabled, no restrictions

Disabled (no restrictions) | Enabled (requires at least 1)

The Lowercase Letters property controls whether a local user account password must contain at least one lowercase letter to be policy compliant.

By default, Oracle ILOM does not require the use of a lowercase letter in the local user account password. System administrators can require local users to include at least one lowercase letter in their password by enabling the Lowercase Letters property.

Numbers

(n)

Disabled, no restrictions

Disabled (no restrictions) | Enabled (requires at least 1)

The Numbers property controls whether a local user account password must contain at least one numeric character to be policy compliant.

By default, Oracle ILOM does not require the use of a numeric character in the local user account password. System administrators can require local users to include at least one numeric character in their password by enabling the Numbers property.

Symbols

(s)

Disabled, no restrictions

Disabled (no restrictions) | Enabled (requires at least 1)

Symbols permitted include: ! @ # $ % ^ & * ( )

The Symbols property controls whether a local user account password must contain at least one symbol character to be policy compliant.

By default, Oracle ILOM does not require the use of a symbol in the local user account password. System administrators can require local users to include at least one symbol character in their password by enabling the Symbols property.

Note. Extended ASCII symbols and colons (:) are not acceptable password characters.

History

(h)

Disabled, no restrictions

Disabled (no restrictions) | Enabled (cannot use 5 previous passwords)

The History property controls whether Oracle ILOM prevents local users from using their last five passwords.

By default, Oracle ILOM does not restrict local users from reusing any of their last five passwords. System administrators can prevent local users from reusing their previous passwords by enabling the History property.
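
The Table 3-10 rules written as a password pre-check, as an added example that is not Oracle ILOM code. The Policy class, the function names and the salted-hash history store are assumptions, and the symbol requirement is taken to be met only by the ten symbols listed above.

```python
import hashlib, hmac, os
from dataclasses import dataclass

PERMITTED_SYMBOLS = set("!@#$%^&*()")  # symbols the page lists as permitted
HISTORY_DEPTH = 5                      # History blocks the five previous passwords

@dataclass
class Policy:  # hypothetical container; defaults mirror Table 3-10
    min_length: int = 8
    upper: bool = False
    lower: bool = False
    numbers: bool = False
    symbols: bool = False
    history: bool = False

def digest(password, salt):
    # Assumed storage scheme: salted PBKDF2, so the history holds no cleartext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def remember(history, password):
    salt = os.urandom(16)
    history.append((salt, digest(password, salt)))

def is_weak(policy):
    # The page calls a minimum length below eight a weak password policy.
    return policy.min_length < 8

def violations(policy, password, history=()):
    """Return the rules a candidate password breaks; an empty list means compliant."""
    found = []
    if len(password) < policy.min_length:
        found.append("too short")
    # Colons and extended ASCII are rejected regardless of which rules are enabled.
    if ":" in password or any(ord(c) > 127 for c in password):
        found.append("forbidden character")
    if policy.upper and not any("A" <= c <= "Z" for c in password):
        found.append("needs uppercase")
    if policy.lower and not any("a" <= c <= "z" for c in password):
        found.append("needs lowercase")
    if policy.numbers and not any("0" <= c <= "9" for c in password):
        found.append("needs number")
    if policy.symbols and not any(c in PERMITTED_SYMBOLS for c in password):
        found.append("needs symbol")
    recent = list(history)[-HISTORY_DEPTH:] if policy.history else []
    if any(hmac.compare_digest(old, digest(password, s)) for s, old in recent):
        found.append("reused password")
    return found
```
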

Table 3-11 Configure Account Locking Properties

Property Default Description

Account Locking

(state =)

Enabled

Enabled | Disabled

  • Enabled: Select the Account Locking Enabled check box to enable the account lockout mode. When the account lockout mode is enabled, any user who exceeds the specified maximum number of login attempts will be locked out of their account.

  • Disabled: Clear the Account Locking Enabled check box to disable the account lockout mode. When the account lockout mode is disabled, all failed user login attempts are cleared. Note that a warning message will appear prompting the user to confirm this action.

Maximum Attempts

(attempts =)

12

12 Maximum Attempts (default) | User-Specified Maximum Attempts (1 to 12)

Enter the maximum number of failed login attempts a local user must not exceed before their account is locked.

Enable After Delay

(delay =)

Enabled

Enabled (default) | Disabled

  • Enabled: Select the Enable After Delay check box to permit the password policy to unlock a user account after the specified time has elapsed (hours and minutes specified in the Delay Time property).

  • Disabled: Clear the Enable After Delay check box to disable the unlocking of local user accounts.

Delay Time

(delay_time =)

12 Hours and 0 Minutes

12 Hours and 0 Minutes (default) | User-Specified Hours (1 to 12) and Minutes (0 to 59)

When the Enable After Delay check box is selected, enter the maximum time that a local user account remains locked before the password policy is permitted to unlock it.