May 18th, 2021 23:00

Password strength policy

Hi,

May I ask, for iDRAC9, what are the definitions for the password strength policy?

What is the difference between

1) no Protection

2) Weak protection

3) Medium protection 

4) Strong protection

 

Thanks

Moderator

3.6K Posts

May 19th, 2021 04:00

Hi leng20021976,

 

This is what I found in the manual; I hope that helps you.

 

Password Settings

Default Password Warning

  NOTE: This option can be enabled for users with Configure user privilege.

This feature allows you to enable the Default Password Warning feature. A warning message is displayed when the default username and password are used to log in and the Default Password Warning feature is enabled. It is recommended that the default password is changed to a user-specified value to ensure security.

  NOTE:
  • Each system is shipped with a unique password for iDRAC which is available on the system information tag. This unique password improves security of iDRAC and your server. The default username to log in to iDRAC is root.
  • For the location of the system information tag, see the iDRAC User's Guide available at https://dell.to/3tUGmaI
  • While ordering the system, you can choose to retain the legacy password calvin as the default password. If you choose to retain the legacy password, the password is not available on the system information tag.

Policy Settings

This feature allows you to configure a password strength policy which provides a measurement of the relative strength of the password entered. The password can be scored to provide feedback on strength and the policy constraints which were not adhered to.

You can also configure these settings from other interfaces such as RACADM or Redfish.

  NOTE: The password policy requirements are applicable only when setting up a new password. They are not applied on a previously configured password.

Field: Description

Minimum Score: This determines the strength of the password being set up by the user, and indicates to the user if a change in password is required. Select the minimum score from the possible values:
  • 0 - No Protection
  • 1 - Weak Protection
  • 2 - Moderate Protection
  • 3 - Strong Protection
  NOTE:
  • The default value for minimum score is 1-Weak Protection.
  • For better security, it is recommended to select the minimum score as 3-Strong Protection.

Simple Policy: Select from the following password strength features:
  • Upper case letters
  • Numbers
  • Symbols
  • Minimum Length
  NOTE:
  • Password strength is highly subject to interpretation. One of the most common methods of determining password strength is the use of a combination of lowercase letters, uppercase letters, numbers, and special characters or symbols.
  • Supported symbols for setting an iDRAC password are: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

Regular Expression: If the user enters a value in this field, all other policy features apart from Minimum Score are ignored. Only the Regular Expression and the Minimum Score are then used for determining the validity of the password configured by the user.

 

 

regards Martin

 

 

4 Operator

3K Posts

May 19th, 2021 19:00

There is no direct definition of these policies. Using this option you will be able to enforce password strength for the iDRAC local users. iDRAC will not allow a new user to be created unless the minimum required password strength is achieved. This strength is measured using an algorithm which consists of multiple factors, including commonly used passwords. E.g. Passw0rd! is considered a weak password by iDRAC even though it has upper case, lower case, a number and a special character in the password. Hope this clarifies.

You can also opt for the simple policy option with minimum score as No Protection if you only want to control the minimum factors a password should have from Upper Case Letters, Numbers, Symbols and Minimum Length.
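The evaluation order described in the manual excerpt and the reply above, sketched as an added example that is not Dell's code or part of the original posts: the minimum score always applies, and a regular expression, when set, replaces the simple-policy checks. `Policy`, `standin_score` and `violations` are hypothetical names, and the scorer is a stand-in with a constructed word list, because the thread does not define iDRAC's scoring algorithm.

```python
import re
from dataclasses import dataclass

# Symbols the quoted manual lists as supported in an iDRAC password.
SYMBOLS = set("!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")
# Constructed sample list; a real check would use a large common-password corpus.
COMMON = {"password", "calvin", "admin", "letmein", "welcome", "qwerty"}
LEET = str.maketrans("0134578@$", "oleastbas")  # undo common substitutions

@dataclass
class Policy:
    min_score: int = 1   # manual: default is 1 - Weak Protection
    upper: bool = False
    numbers: bool = False
    symbols: bool = False
    min_length: int = 0
    regex: str = ""      # when set, the simple-policy fields are ignored

def standin_score(pw: str) -> int:
    """Stand-in 0-3 score. Assumption: NOT iDRAC's real algorithm."""
    if not pw:
        return 0
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if any(word in letters for word in COMMON):
        return 1         # dressed-up common password stays weak
    classes = sum(any(f(c) for c in pw) for f in
                  (str.islower, str.isupper, str.isdigit, SYMBOLS.__contains__))
    if len(pw) >= 12 and classes >= 3:
        return 3
    return 2 if len(pw) >= 8 and classes >= 2 else 1

def violations(pw: str, policy: Policy, score_fn=standin_score) -> list:
    """Return the constraints a NEW password fails; empty list means accepted."""
    failed = []
    if score_fn(pw) < policy.min_score:
        failed.append("minimum score")
    if policy.regex:
        # Regex set: only regex + minimum score apply (re.search semantics assumed).
        if not re.search(policy.regex, pw):
            failed.append("regular expression")
        return failed
    for name, on, test in (("upper case letters", policy.upper, str.isupper),
                           ("numbers", policy.numbers, str.isdigit),
                           ("symbols", policy.symbols, SYMBOLS.__contains__)):
        if on and not any(test(c) for c in pw):
            failed.append(name)
    if len(pw) < policy.min_length:
        failed.append("minimum length")
    return failed
```

With minimum score 0 and every simple-policy feature enabled, `Passw0rd!` is accepted; raising the minimum score to 3 rejects it on score alone, which is the distinction the reply above draws.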
