McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 246

↗ View in doc context
page
246
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::246

Credential policies do not apply to operating system users or CLI users. These administrators use standard password verification procedures that the operating system supports. Note Trivial Passwords The system can be configured to check for trivial passwords and PINs. A trivial password is a credential that can be easily hacked, such as a password that be guessed easily, such as using ABCD as your password or 123456 as your PIN. Non-trivial passwords meet the following requirements: • The password must contain at least one uppercase letter, one lowercase letter, one numeric character, and one special character. • Must not use a character or number more than three times consecutively. • Must not repeat or include the alias, username, or extension. • Cannot consist of consecutive characters or numbers. For example, passwords such as 654321 or ABCDEFG are not allowed. PINs can contain digits (0-9) only. A non-trivial PIN meets the following criteria: • Must not use the same number more than two times consecutively. • Must not repeat or include the user extension, mailbox, or the reverse of the user extension or mailbox. • Must contain three different numbers. For example, a PIN such as 121212 is trivial. • Must not match the numeric representation (that is, dial by name) for the first or last name of the user. • Must not contain groups of repeated digits, such as 408408, or patterns that are dialed in a straight line on a keypad, such as 2580, 159, or 753. JTAPI and TAPI Support for Credential Policies Because the Cisco Unified Communications Manager Java telephony applications programming interface (JTAPI) and telephony applications programming interface (TAPI) support the credential policies that are assigned to application users, developers must create applications that respond to the password expiration, PIN expiration, and lockout return codes for credential policy enforcement. Applications use an API to authenticate with the database or corporate directory, regardless of the authentication model that an application uses. For more information about JTAPI and TAPI for developers, see the developer guides at http://www.cisco.com/ c/en/us/support/unified-communications/unified-communications-manager-callmanager/ products-programming-reference-guides-list.html. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 228 User Security JTAPI and TAPI Support for Credential Policies