DEFINITY Enterprise Communications Server Release 5
Maintenance and Test for R5vs/si
555-230-123
Issue 1
April 1997
Management Terminals
Page 3-3System Login Procedure
3
System Login Procedure
Forced Password Aging and Administrable
Logins
Release 5 and later releases provide enhanced login/password security by
adding a security feature that allows users to define their own logins/passwords
and to specify a set of commands for each login. The system allows up to 11
customer logins. Each login name can be customized and must be made up of
from 3 to 6 alphabetic/numeric characters, or a combination of both. A password
must be from 4 to 11 characters in length and contain at least 1 alphabetic and 1
numeric symbol. Password aging is an optional feature that the super-user
administering the logins can activate.
NOTE:
If several users are logging in and out at the same time, a user may see the
message “Transient command conflict detected; please try later”. After the
“users” have completed logging in or out, the terminal is available for use.
The password for each login can be aged starting with the date the password
was created, or changed, and continuing for a specified number of days (1 to
99). The user is notified at the login prompt, 7 days before the password
expiration date, that the password is about to expire. When the password expires
the user is required to enter a new password into the system before logging in. If
a login is added or removed, the “Security Measurement” reports are not
updated until the next hourly poll, or a clear measurements security-violations
command is entered. Once a non-super-user has changed the password, the
user must wait 24 hours to change the password again.
Security is enhanced by providing a logoff notification screen to a system
administrator at log off while either the facility test call or remote access features
are still administered. The administrator can be required to acknowledge the
notification before completing the logoff process. Logoff notification is
administered on the Login Administration screen.
Release 5 and later releases are delivered to the customer with one customer
“super-user” login/password defined. The customer is required to administer
additional login/passwords as needed. The super-user login has full customer
permissions and can customize any login created.
Login permissions for a specified login can be set by the super-user to block any
object that may compromise switch security. Up to 40 administration or
maintenance objects commands can be blocked for a specified login in.
Release 5 and later releases commands are grouped into three command
categories. Each of the three command categories has a group of command
subcategories listed under them, and each command subcategory has a list of
command objects that the commands acts on. A super-user can set a users