1. Oracle ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 5.1.x
  2. Setting Up and Maintaining User Accounts
  3. Managing Password Policy Restrictions for Local Users
  4. Modify Password Policy Restrictions and Account Locking Properties for Local Users

Modify Password Policy Restrictions and Account Locking Properties for Local Users

Before You Begin

  • The Admin (a) role is required to configure the Password Policy properties.

  • The Password Policy applies only to local user accounts. It has no impact on remote user authentication service accounts like LDAP or Active Directory.

  • The Password Minimum Length property, by default, is set to eight characters. When the minimum length is set to less than eight characters, the password policy is considered weak. To ensure greater security, set the minimum password length value from eight to sixteen characters.

  • Upon saving changes to the password policy properties, the following will occur:

    • All local user account configurations are deleted from Oracle ILOM.

    • The default local user account (root) shipped with the system is restored.

    • On the initial log in of root, the root user is prompted to change the root-account-password.

Follow these steps to set a password policy for all local user accounts.

  1. View the current Password Policy properties in Oracle ILOM:

    • Web: Click ILOM Administration > User Management > Password Policy.

    • CLI: Type the following command string:

      show /SP/preferences/password_policy

  2. Modify, as required, the applicable Password Policy properties:

    • Web: Perform the following steps:

      1. Configure password restrictions and account locking properties as required. For a description of each property, see Password Settings Configuration Properties.

      2. Click Save to save the changes.

        • If the Minimum Length property is set to eight or more characters. The following message appears:

          Clicking 'OK' will cause all user accounts to be deleted and restored to factory defaults. Click 'Cancel' to not change the password policy and keep current user accounts.

          -or-

        • If the Minimum Length property is set to less than eight characters The following messages appear:

          Warning: A password length less than 8 is considered weak. Do you want to continue?

          If you click OK to continue, the following message appears:

          Clicking 'OK' will cause all user accounts to be deleted and restored to factory defaults. Click 'Cancel' to not change the password policy and keep current user accounts.

      3. Click OK to continue saving your changes and to update the password policy restrictions; otherwise, click Cancel.

        If you click OK, all user-defined local account configurations are deleted and the default root account is restored to its default password.

    • CLI: Configure Password Restrictions:

      1. Type the following command string to configure the password policy settings:

        set /SP/preferences/password_policy/policy=[min_length].[restrictions]

        where:

        • min_length = Minimum password length of 1 to 16 characters. (Required)

          Note:

          The Password Minimum Length property, by default, is set to eight characters. When the minimum length is set to less than eight characters, the password policy is considered weak. To ensure greater security, set the minimum password length value from eight to sixteen characters.

        • . = A separator (period) following the minimum length value (Required)

        • restrictions = One or more of the following characters:

          • u = at least one uppercase letter is required in password (Optional)

          • l = at least one lowercase letter is required in password (Optional)

          • n = at least one number is required in password (Optional)

          • s = at least one symbol is required in password (Optional)

          • h = password history check is enabled (Optional)

        Example:

        To set the password policy properties for maximum length of 10 and to require at least one uppercase letter and number, you would type:

        set /SP/preferences/password_policy/policy=10.un

        For a description of each password setting, see Password Settings Configuration Properties.

      2. Press Enter.

        • If the Minimum Length property is set to eight or more characters. The following message appears:

          All user accounts will be deleted. The system will restore factory default users. Do you want to continue (y/n)?

          -or-

        • If the Minimum Length property is set to less than eight characters The following messages appear:

          Warning: a password length less than 8 is considered weak. Do you want to continue (y/n)? y

          If you type y to continue, the following message appears:

          All user accounts will be deleted. The system will restore factory default users. Do you want to continue (y/n)?

      3. Type Y to save the updated password policy restrictions; otherwise, type N to cancel the changes.

        If you type Y, all user-defined local account configurations are deleted and the default root account is restored to its default password.

  3. CLI: Configure the Account Locking Properties
    1. Type the following command string, then press Enter to configure the Account Locking properties.

      set /SP/preferences/password_policy/account_lockout [state= enabled | disabled] [attempts = n] [delay= enabled | disabled] [delay_time = n]

      where:

      • state = Account Locking state (enabled (default) | disabled)

      • attempts = Maximum attempts (12 Maximum Attempts (default) | User-Specified Maximum Attempts (1 to 12)

      • delay = Enable after Delay (enabled (default) | disabled).

      • delay_time = Delay Time (12 Hours 0 Minutes (default) | User-Specified Hours (1 to 12) and Minutes (0 to 59)).

      For a description of each account locking property, see Configure Account Locking Properties.

Related Information: