Filter
Top Products
112-2
Cisco Unified Communications Manager Administration Guide
OL-18611-01
Chapter 112 Credential Policy Configuration
Credential Policy Configuration Settings
Passwords can contain any alphanumeric ASCII character and all ASCII special characters. A non-trivial
password meets the following criteria:
• Must contain three of the four allowable characteristics: uppercase character, lowercase character,
number, symbol.
• Must not use a character or number more than three times consecutively.
• Must not repeat or include the alias, username, or extension.
• Cannot consist of consecutive characters or numbers (for example, passwords such as 654321 or
ABCDEFG)
PINs can contain digits (0-9) only. A non-trivial PIN meets the following criteria:
• Must not use the same number more than two times consecutively.
• Must not repeat or include the user extension or mailbox or the reverse of the user extension or
mailbox.
• Must contain three different numbers; for example, a PIN such as 121212 is trivial.
• Must not match the numeric representation (that is, dial by name) for the first or last name of the
user.
• Must not contain groups of repeated digits, such as 408408, or patterns that are dialed in a straight
line on a keypad, such as 2580, 159, or 753.
Table 112-1 Credential Policy Configuration Settings
Field Description
Display Name Specify the credential policy name.
Enter up to 64 characters, except for quotation marks. Do not enter tab.
Failed Logon / No Limit for
Failed Logons
Specify the number of allowed failed logon attempts. When this
threshold is reached, the system locks the account.
Enter a number in the range 1-100. To allow unlimited failed logons,
enter 0 or check the No Limit for Failed Logons check box. Uncheck the
check box to enter a value greater than 0. The default setting specifies 3.
Reset Failed Logon
Attempts Every
Specify the number of minutes before the counter is reset for failed logon
attempts. After the counter resets, the user can try logging in again.
Enter a number in the range 1-120. The default setting specifies 30.
Lockout Duration /
Administrator Must Unlock
Specify the number of minutes an account remains locked when the
number of failed logon attempts exceeds the specified threshold.
Enter a number in the range 1-1440. Enter 0 or check the Administrator
Must Unlock check box, so accounts will remain locked until an
administrator manually unlocks them. Uncheck the check box to enter a
value greater than 0. The default setting specifies 30.
Minimum Duration
Between Credential
Changes
Specify the number of minutes that are required before a user can change
credentials again.
Enter 0 to allow a user to change credentials at any time. Uncheck the
check box to enter a value greater than 0. The default setting specifies 0.