4.6 Passwords

funny you say that, i saw that and I don't think it was intentional.
if another developer doesn't respond tomorrow i'll investigate.

Post by Todd Hodgen
In 4.6, installation provides a default pin, and password for xmpp. Anyone
know what those defaults are. I’m thinking a nice Jira would be an option
to set what the default is for new users. Any thoughts?
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Todd Hodgen

2012-07-17 20:09:18 UTC

It's not a bad idea. Many voicemails will have a default of 0000 or 1111 or
something similar. I have a default that I apply to all installations when
I import my file just so there is something there that I can convey to
everyone easily during training.

-----Original Message-----
From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Douglas Hubler
Sent: Tuesday, July 17, 2012 1:00 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

funny you say that, i saw that and I don't think it was intentional.
if another developer doesn't respond tomorrow i'll investigate.

Post by Todd Hodgen
In 4.6, installation provides a default pin, and password for xmpp.

Anyone

Post by Todd Hodgen
know what those defaults are. I'm thinking a nice Jira would be an option
to set what the default is for new users. Any thoughts?
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Mircea Carasel

2012-07-18 05:51:46 UTC

Post by Todd Hodgen
It's not a bad idea. Many voicemails will have a default of 0000 or 1111 or
something similar. I have a default that I apply to all installations when
I import my file just so there is something there that I can convey to
everyone easily during training.
Todd,

With 4.6 we have two sets of credentials as you noticed instead of one
-Voicemail PIN which defaults to a random value of 4 digits - so we don't
set a constant default value, we generate a random sequence of 4 digits as
a default
-User password which stands for User Portal, XMPP, REST API, Open ACD
password (same for all of them) - this is the same here, we don't set a
constant default value, we generate a random sequence of 8 characters as a
default

Basically the administrator will have to manually set desired values
Another change regarding passwords is that now the SIP password is a random
sequence of 12 characters (instead of 8 as it was in 4.4)

Mircea

Todd Hodgen

2012-07-18 07:15:12 UTC

Just for a point of discussion, setting these two password fields to random
numbers doesn't seem to provide any benefit to the administrator. I'm
assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example - maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.

With a random number, the end user can't log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.

I'd recommending making it something standard using some method that allows
the administrator to know how it will be populated. I can write a Jira or
add notes to any Jira that addresses this. I suspect there will be many
opinions on this, probably a healthy discussion.

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Mircea Carasel
Sent: Tuesday, July 17, 2012 10:52 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

On Tue, Jul 17, 2012 at 11:09 PM, Todd Hodgen <***@frontier.com> wrote:

It's not a bad idea. Many voicemails will have a default of 0000 or 1111 or
something similar. I have a default that I apply to all installations when
I import my file just so there is something there that I can convey to
everyone easily during training.

Todd,

With 4.6 we have two sets of credentials as you noticed instead of one

-Voicemail PIN which defaults to a random value of 4 digits - so we don't
set a constant default value, we generate a random sequence of 4 digits as a
default

-User password which stands for User Portal, XMPP, REST API, Open ACD
password (same for all of them) - this is the same here, we don't set a
constant default value, we generate a random sequence of 8 characters as a
default

Basically the administrator will have to manually set desired values

Another change regarding passwords is that now the SIP password is a random
sequence of 12 characters (instead of 8 as it was in 4.4)

Mircea

Mircea Carasel

2012-07-18 07:43:23 UTC

Post by Todd Hodgen
Just for a point of discussion, setting these two password fields to
random numbers doesnt seem to provide any benefit to the administrator.
Im assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.****
** **
With a random number, the end user cant log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.****
** **
Id recommending making it something standard using some method that
allows the administrator to know how it will be populated. I can write a
Jira or add notes to any Jira that addresses this. I suspect there will
be many opinions on this, probably a healthy discussion.****

I agree with your comments and I think a JIRA worth being opened on this
matter - that should describe proposed methods on how to generate these
passwords

Thanks,
Mircea

Todd Hodgen

2012-07-18 08:27:05 UTC

Thanks. I've created XX-10294 - Method for establishing a default pin for
voicemail and xmpp <http://track.sipfoundry.org/browse/XX-10294>

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Mircea Carasel
Sent: Wednesday, July 18, 2012 12:43 AM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

On Wed, Jul 18, 2012 at 10:15 AM, Todd Hodgen <***@frontier.com> wrote:

Just for a point of discussion, setting these two password fields to random
numbers doesn't seem to provide any benefit to the administrator. I'm
assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example - maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.

With a random number, the end user can't log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.

I'd recommending making it something standard using some method that allows
the administrator to know how it will be populated. I can write a Jira or
add notes to any Jira that addresses this. I suspect there will be many
opinions on this, probably a healthy discussion.

I agree with your comments and I think a JIRA worth being opened on this
matter - that should describe proposed methods on how to generate these
passwords

Thanks,

Mircea

Bryan Anderson

2012-07-18 18:13:19 UTC

So, does what I am seeing here indicate there will now be 3 passwords for
each users?

Voicemail
Web Portal
SIP

If so, YAY!

-Bryan Anderson

Thanks. Ive created XX-10294 - Method for establishing a default pin
for voicemail and xmpp <http://track.sipfoundry.org/browse/XX-10294>****
** **
*Sent:* Wednesday, July 18, 2012 12:43 AM
*To:* Discussion list for users of sipXecs software
*Subject:* Re: [sipx-users] 4.6 Passwords****
** **
** **
wrote:****
Just for a point of discussion, setting these two password fields to
random numbers doesnt seem to provide any benefit to the administrator.
Im assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.****
****
With a random number, the end user cant log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.****
****
Id recommending making it something standard using some method that
allows the administrator to know how it will be populated. I can write a
Jira or add notes to any Jira that addresses this. I suspect there will
be many opinions on this, probably a healthy discussion.****
** **
** **
I agree with your comments and I think a JIRA worth being opened on this
matter - that should describe proposed methods on how to generate these
passwords****
** **
Thanks,****
Mircea ****
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Todd Hodgen

2012-07-18 18:29:15 UTC

Yes.

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Bryan Anderson
Sent: Wednesday, July 18, 2012 11:13 AM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

So, does what I am seeing here indicate there will now be 3 passwords for
each users?

Voicemail
Web Portal
SIP

If so, YAY!

-Bryan Anderson

On Wed, Jul 18, 2012 at 1:27 AM, Todd Hodgen <***@frontier.com> wrote:

Thanks. I've created XX-10294 - Method for establishing a default pin for
voicemail and xmpp <http://track.sipfoundry.org/browse/XX-10294>

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Mircea Carasel
Sent: Wednesday, July 18, 2012 12:43 AM

To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

On Wed, Jul 18, 2012 at 10:15 AM, Todd Hodgen <***@frontier.com> wrote:

Just for a point of discussion, setting these two password fields to random
numbers doesn't seem to provide any benefit to the administrator. I'm
assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example - maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.

With a random number, the end user can't log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.

I'd recommending making it something standard using some method that allows
the administrator to know how it will be populated. I can write a Jira or
add notes to any Jira that addresses this. I suspect there will be many
opinions on this, probably a healthy discussion.

I agree with your comments and I think a JIRA worth being opened on this
matter - that should describe proposed methods on how to generate these
passwords

Thanks,

Mircea

Kurt Albershardt

2012-07-18 19:14:04 UTC

Just for a point of discussion, setting these two password fields to random numbers doesnt seem to provide any benefit to the administrator. Im assuming these are required to be there rather than a blank space. It would be very beneficial to the administrator if something useable was put into that field, even if they were all the same. For example maybe a specific number such as 5 + extension number. Or set them all to 1234 or something similar. This way, the end user can be instructed on what is there, and how to change it, rather than the administrator having to change all of them to something useable.
With a random number, the end user cant log into voicemail or the GUI to change it until after the administrator makes a change since it is random and hidden.

Is there a "require password change on next login" option for the web portal and voicemail? If a default passwords is populated, it should select this option by default as well.

Michael Picher

2012-07-18 19:15:27 UTC

i'd make that part of that Jira that Todd was going to create...

Post by Todd Hodgen
Just for a point of discussion, setting these two password fields to
random numbers doesnt seem to provide any benefit to the administrator.
Im assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.****
** **
With a random number, the end user cant log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.
Is there a "require password change on next login" option for the web
portal and voicemail? If a default passwords is populated, it should
select this option by default as well.
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
Michael Picher, Director of Technical Services
eZuce, Inc.

300 Brickstone Square****

Suite 201****

Andover, MA. 01810
O.978-296-1005 X2015
M.207-956-0262
@mpicher <http://twitter.com/mpicher>
linkedin <http://www.linkedin.com/profile/view?id=35504760&trk=tab_pro>
www.ezuce.com

------------------------------------------------------------------------------------------------------------
There are 10 kinds of people in the world, those who understand binary and
those who don't.

Todd Hodgen

2012-07-18 19:17:59 UTC

Jira is created, and open to discussion. XX-10294

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Michael Picher
Sent: Wednesday, July 18, 2012 12:15 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

i'd make that part of that Jira that Todd was going to create...

On Wed, Jul 18, 2012 at 3:14 PM, Kurt Albershardt <***@nv.net> wrote:

On Jul 18, 2012, at 1:15 , Todd Hodgen wrote:

Just for a point of discussion, setting these two password fields to random
numbers doesn't seem to provide any benefit to the administrator. I'm
assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example - maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.

With a random number, the end user can't log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.

Is there a "require password change on next login" option for the web portal
and voicemail? If a default passwords is populated, it should select this
option by default as well.

_______________________________________________
sipx-users mailing list
sipx-***@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/
--
Michael Picher, Director of Technical Services
eZuce, Inc.

300 Brickstone Square

Suite 201

Andover, MA. 01810

O.978-296-1005 X2015
M.207-956-0262
@mpicher <http://twitter.com/mpicher>

linkedin <http://www.linkedin.com/profile/view?id=35504760&trk=tab_pro>
www.ezuce.com

----------------------------------------------------------------------------
--------------------------------

There are 10 kinds of people in the world, those who understand binary and
those who don't.

George Niculae

2012-07-18 19:31:01 UTC

There is already one patch pending

http://track.sipfoundry.org/browse/XX-9121

At the time I looked in seemed to be fine though additional changes could
be required with latest code

George

Post by Todd Hodgen
Jira is created, and open to discussion. XX-10294
Sent: Wednesday, July 18, 2012 12:15 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords
i'd make that part of that Jira that Todd was going to create...
Just for a point of discussion, setting these two password fields to

random numbers doesnt seem to provide any benefit to the administrator.
Im assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.

Post by Todd Hodgen
With a random number, the end user cant log into voicemail or the GUI to

change it until after the administrator makes a change since it is random
and hidden.

Post by Todd Hodgen
Is there a "require password change on next login" option for the web

portal and voicemail? If a default passwords is populated, it should
select this option by default as well.

Post by Todd Hodgen
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/
--
Michael Picher, Director of Technical Services
eZuce, Inc.
300 Brickstone Square
Suite 201
Andover, MA. 01810
O.978-296-1005 X2015
M.207-956-0262
@mpicher <http://twitter.com/mpicher>
linkedin
www.ezuce.com

------------------------------------------------------------------------------------------------------------

Post by Todd Hodgen
There are 10 kinds of people in the world, those who understand binary

and those who don't.

Tony Graziano

2012-07-18 19:35:07 UTC

I think the system can email the user their relevant passwords upon account
creation...

Post by Todd Hodgen
Just for a point of discussion, setting these two password fields to
random numbers doesnt seem to provide any benefit to the administrator.
Im assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.****
** **
With a random number, the end user cant log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.
Is there a "require password change on next login" option for the web
portal and voicemail? If a default passwords is populated, it should
select this option by default as well.
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: ***@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net

George Niculae

2012-07-18 19:59:27 UTC

I concur with this (and afaik openUC already is doing this). IMO we should
avoid any easy recognizable pattern for this passwords - e.g. if I am 200
and know my generated pass is 71234 or 7200 I could easy guess 201's pin...

Post by Tony Graziano
I think the system can email the user their relevant passwords upon

account creation...

Post by Todd Hodgen
Just for a point of discussion, setting these two password fields to

Post by Todd Hodgen
With a random number, the end user cant log into voicemail or the GUI

to change it until after the administrator makes a change since it is
random and hidden.

Post by Todd Hodgen
Is there a "require password change on next login" option for the web

portal and voicemail? If a default passwords is populated, it should
select this option by default as well.

Post by Todd Hodgen
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Telephone: 434.984.8426
Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net

Todd Hodgen

2012-07-18 20:26:03 UTC

Have you seen that work. There is an option at the bottom with a tick mark,
with the following below it - Flag that informs if the user has been
notified of his system account creation.

I created two new users, both with a known working email address with the
system, one with the tick marked, the other not marked. I did not received
any email notifications.

If that is the intent of that tick mark, then I believe it needs to be
reworded to something like - "Notify New user of Account Creation" or
something similar.

Problems I see with this - has there been a method created that allows for
mass importing of users, and marking that tick mark at the same time?

I agree, making passwords that default, or the same is a security risk for
individual voicemails, but if they are forced to change on the first entry,
then I believe you have mitigated that risk. It's been a standard practice
in the industry to have a default password on voicemail system, so I believe
most are prepared for it. The other option is to leave it empty until it
is created, as it was in the past.

If notification is sent out, that is great. But if no notification, and a
random password, it just doesn't make a lot of sense.

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Tony Graziano
Sent: Wednesday, July 18, 2012 12:35 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

I think the system can email the user their relevant passwords upon account
creation...

On Jul 18, 2012 3:14 PM, "Kurt Albershardt" <***@nv.net> wrote:

On Jul 18, 2012, at 1:15 , Todd Hodgen wrote:

Just for a point of discussion, setting these two password fields to random
numbers doesn't seem to provide any benefit to the administrator. I'm
assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example - maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.

With a random number, the end user can't log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.

Is there a "require password change on next login" option for the web portal
and voicemail? If a default passwords is populated, it should select this
option by default as well.

_______________________________________________
sipx-users mailing list
sipx-***@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

LAN/Telephony/Security and Control Systems Helpdesk:

Telephone: 434.984.8426

sip: ***@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net

Blog: http://blog.myitdepartment.net

Mircea Carasel

2012-07-18 21:28:30 UTC

Post by Todd Hodgen
Have you seen that work. There is an option at the bottom with a tick
mark, with the following below it - Flag that informs if the user has
been notified of his system account creation.****
** **
I created two new users, both with a known working email address with the
system, one with the tick marked, the other not marked. I did not
received any email notifications.****
**

Post by Todd Hodgen
If that is the intent of that tick mark, then I believe it needs to be
reworded to something like Notify New user of Account Creation or
something similar.****
** **
Problems I see with this has there been a method created that allows for
mass importing of users, and marking that tick mark at the same time?

George is right, OpenUc automatically sends emails when user gets created,
and the Notified checkbox automatically gets checked. This applies for mass
import of users, they will receive emails (if email address is also
specified)
In open-source, no email gets sent - the administrator should manually send
email or somehow inform the user about account creation
Mircea

Post by Todd Hodgen
****
** **
I agree, making passwords that default, or the same is a security risk for
individual voicemails, but if they are forced to change on the first entry,
then I believe you have mitigated that risk. Its been a standard practice
in the industry to have a default password on voicemail system, so I
believe most are prepared for it. The other option is to leave it empty
until it is created, as it was in the past.****
** **
If notification is sent out, that is great. But if no notification, and a
random password, it just doesnt make a lot of sense.****
** **
*Sent:* Wednesday, July 18, 2012 12:35 PM
*To:* Discussion list for users of sipXecs software
*Subject:* Re: [sipx-users] 4.6 Passwords****
** **
I think the system can email the user their relevant passwords upon
account creation...****
On Jul 18, 2012, at 1:15 , Todd Hodgen wrote:****
****
Just for a point of discussion, setting these two password fields to
random numbers doesnt seem to provide any benefit to the administrator.
Im assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.****
****
With a random number, the end user cant log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.****
** **
Is there a "require password change on next login" option for the web
portal and voicemail? If a default passwords is populated, it should
select this option by default as well.****
** **
** **
** **
** **
** **
** **
** **
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/****
** **
LAN/Telephony/Security and Control Systems Helpdesk:****
Telephone: 434.984.8426****
** **
Helpdesk Customers: http://myhelp.myitdepartment.net****
Blog: http://blog.myitdepartment.net****
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Todd Hodgen

2012-07-19 04:41:42 UTC

Seems like the tick box that says if users are notified or not shouldn't be
there then in Open Source, since it seems to apply only to the openUC
plugins. Does a Jira need to be created to remove it so it doesn't create
further confusion?

The simple solution for the passwords it seems is to just import them during
user creation, so that what is there is known in advance, and the
administrator doesn't have to go in and change each and every one.

I believe the options provided in the Jira still apply and can be a good
resolution.

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Mircea Carasel
Sent: Wednesday, July 18, 2012 2:29 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

On Wed, Jul 18, 2012 at 11:26 PM, Todd Hodgen <***@frontier.com> wrote:

Have you seen that work. There is an option at the bottom with a tick mark,
with the following below it - Flag that informs if the user has been
notified of his system account creation.

I created two new users, both with a known working email address with the
system, one with the tick marked, the other not marked. I did not received
any email notifications.

If that is the intent of that tick mark, then I believe it needs to be
reworded to something like - "Notify New user of Account Creation" or
something similar.

Problems I see with this - has there been a method created that allows for
mass importing of users, and marking that tick mark at the same time?

George is right, OpenUc automatically sends emails when user gets created,
and the Notified checkbox automatically gets checked. This applies for mass
import of users, they will receive emails (if email address is also
specified)

In open-source, no email gets sent - the administrator should manually send
email or somehow inform the user about account creation

Mircea

I agree, making passwords that default, or the same is a security risk for
individual voicemails, but if they are forced to change on the first entry,
then I believe you have mitigated that risk. It's been a standard practice
in the industry to have a default password on voicemail system, so I believe
most are prepared for it. The other option is to leave it empty until it
is created, as it was in the past.

If notification is sent out, that is great. But if no notification, and a
random password, it just doesn't make a lot of sense.

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Tony Graziano
Sent: Wednesday, July 18, 2012 12:35 PM

To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

I think the system can email the user their relevant passwords upon account
creation...

On Jul 18, 2012 3:14 PM, "Kurt Albershardt" <***@nv.net> wrote:

On Jul 18, 2012, at 1:15 , Todd Hodgen wrote:

Just for a point of discussion, setting these two password fields to random
numbers doesn't seem to provide any benefit to the administrator. I'm
assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example - maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.

With a random number, the end user can't log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.

Is there a "require password change on next login" option for the web portal
and voicemail? If a default passwords is populated, it should select this
option by default as well.

_______________________________________________
sipx-users mailing list
sipx-***@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

LAN/Telephony/Security and Control Systems Helpdesk:

Telephone: 434.984.8426

sip: ***@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net

Blog: http://blog.myitdepartment.net

Mircea Carasel

2012-07-19 06:53:29 UTC

Seems like the tick box that says if users are notified or not shouldnt
be there then in Open Source, since it seems to apply only to the openUC
plugins. Does a Jira need to be created to remove it so it doesnt
create further confusion?****
**

Actually, we didn't find an elegant, pluggable way to hide that tick box
in open-source :), and we were thinking that maybe there is some value in
it even for open-source, as the administrator may manually check it when he
is sure that the user is informed by his account creation, and leave it
unchecked if he thinks that he still needs to somehow inform the user about
the account creation...

**
The simple solution for the passwords it seems is to just import them
during user creation, so that what is there is known in advance, and the
administrator doesnt have to go in and change each and every one. ****
** **
I believe the options provided in the Jira still apply and can be a good
resolution.

Yes, the options provided in Jira still apply, and we are going to address
them and provide resolution...
Thanks,
Mircea

****
** **
*Sent:* Wednesday, July 18, 2012 2:29 PM
*To:* Discussion list for users of sipXecs software
*Subject:* Re: [sipx-users] 4.6 Passwords****
** **
** **
wrote:****
Have you seen that work. There is an option at the bottom with a tick
mark, with the following below it - Flag that informs if the user has
been notified of his system account creation.****
****
I created two new users, both with a known working email address with the
system, one with the tick marked, the other not marked. I did not
received any email notifications.****
****
If that is the intent of that tick mark, then I believe it needs to be
reworded to something like Notify New user of Account Creation or
something similar.****
****
Problems I see with this has there been a method created that allows for
mass importing of users, and marking that tick mark at the same time? ****
George is right, OpenUc automatically sends emails when user gets created,
and the Notified checkbox automatically gets checked. This applies for mass
import of users, they will receive emails (if email address is also
specified)****
In open-source, no email gets sent - the administrator should manually
send email or somehow inform the user about account creation ****
Mircea****
****
I agree, making passwords that default, or the same is a security risk for
individual voicemails, but if they are forced to change on the first entry,
then I believe you have mitigated that risk. Its been a standard practice
in the industry to have a default password on voicemail system, so I
believe most are prepared for it. The other option is to leave it empty
until it is created, as it was in the past.****
****
If notification is sent out, that is great. But if no notification, and a
random password, it just doesnt make a lot of sense.****
****
*Sent:* Wednesday, July 18, 2012 12:35 PM****
*To:* Discussion list for users of sipXecs software
*Subject:* Re: [sipx-users] 4.6 Passwords****
****
I think the system can email the user their relevant passwords upon
account creation...****
On Jul 18, 2012, at 1:15 , Todd Hodgen wrote:****
** **
Just for a point of discussion, setting these two password fields to
random numbers doesnt seem to provide any benefit to the administrator.
Im assuming these are required to be there rather than a blank space. It
would be very beneficial to the administrator if something useable was put
into that field, even if they were all the same. For example maybe a
specific number such as 5 + extension number. Or set them all to 1234 or
something similar. This way, the end user can be instructed on what is
there, and how to change it, rather than the administrator having to change
all of them to something useable.****
****
With a random number, the end user cant log into voicemail or the GUI to
change it until after the administrator makes a change since it is random
and hidden.****
****
Is there a "require password change on next login" option for the web
portal and voicemail? If a default passwords is populated, it should
select this option by default as well.****
****
****
****
****
****
****
****
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/****
****
LAN/Telephony/Security and Control Systems Helpdesk:****
Telephone: 434.984.8426****
****
Helpdesk Customers: http://myhelp.myitdepartment.net****
Blog: http://blog.myitdepartment.net****
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/****
** **
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-07-19 07:03:43 UTC

Post by Todd Hodgen
I believe the options provided in the Jira still apply and can be a good

resolution.

Post by Mircea Carasel
Yes, the options provided in Jira still apply, and we are going to

address them and provide resolution...

IMO we should have also the generate random passwords option in addition to
what jira describes

Mircea Carasel

2012-07-19 07:11:23 UTC

Post by Todd Hodgen
I believe the options provided in the Jira still apply and can be a

good resolution.

Post by Mircea Carasel
Yes, the options provided in Jira still apply, and we are going to

address them and provide resolution...
IMO we should have also the generate random passwords option in addition
to what jira describes

Right, actually that will be the option used for openuc, when email gets
sent to the user...

_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Todd Hodgen

2012-07-19 07:26:57 UTC

Thanks Guys! It all sounds good to me.

From: sipx-users-***@list.sipfoundry.org
[mailto:sipx-users-***@list.sipfoundry.org] On Behalf Of Mircea Carasel
Sent: Thursday, July 19, 2012 12:11 AM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] 4.6 Passwords

Post by Todd Hodgen
I believe the options provided in the Jira still apply and can be a good

resolution.

Post by Mircea Carasel
Yes, the options provided in Jira still apply, and we are going to address

them and provide resolution...

IMO we should have also the generate random passwords option in addition to
what jira describes

Right, actually that will be the option used for openuc, when email gets
sent to the user...

Joe Micciche

2012-07-23 15:46:35 UTC

Post by Todd Hodgen
It's not a bad idea. Many voicemails will have a default of
0000 or 1111 or something similar. I have a default that I
apply to all installations when I import my file just so there
is something there that I can convey to everyone easily during
training.
Todd,

With 4.6 we have two sets of credentials as you noticed instead of
one -Voicemail PIN which defaults to a random value of 4 digits -
so we don't set a constant default value, we generate a random
sequence of 4 digits as a default -User password which stands for
User Portal, XMPP, REST API, Open ACD password (same for all of
them) - this is the same here, we don't set a constant default
value, we generate a random sequence of 8 characters as a default
Basically the administrator will have to manually set desired
values Another change regarding passwords is that now the SIP
password is a random sequence of 12 characters (instead of 8 as it
was in 4.4)

Is there any possibility of making this configurable? Specifically,
synchronizing passwords via check box to synch web portal, voicemail,
XMPP to a single password?

Also, how does this play with LDAP-based authentication?

Admittedly we have not played much with 4.6, but to us having multiple
passwords (aside from SIP auth and everything else) is a regression -
we're moving off a platform that does this, it's an unholy PITA.

"Unified communications" is easily broken when a user is confused
about which pwd to use where.............

- --
==================================================================
Joe Micciche ***@redhat.com
Red Hat, Inc. http://www.redhat.com
Senior Communications Engineer X(81) 44554
+1.919.754.4554
==================================================================

Mircea Carasel

2012-07-23 16:10:43 UTC