Summary: ASTERISK-02321: [patch] Add option to force immediate password change if user has a specific password
Reporter: kb1_kanobe2 (kb1_kanobe2)
Labels:
Date Opened: 2004-09-02 02:14:10
Date Closed: 2004-09-25 02:07:30
Priority: Major
Regression?: No
Status: Closed/Complete
Components: Applications/app_voicemail
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) asterisk-voicemail-optional-manditory-password-change.diff
Description: The attached patch, mostly recycled from other code in app_voicemail.c, allows for a new optional parameter in voicemail.conf called 'forcepwchange'. If a user logs in using a password that matches the value of 'forcepwchange' they are forced to immediately change their password.

It's assumed that the value of 'forcepwchange' will be the same as the site's default password for users' mailboxes, thereby forcing them to rotate away from the default password.

If 'forcepwchange' is left undefined the behaviour will be as before - namely, no forcing of anything.

****** ADDITIONAL INFORMATION ******

This patch assumes the existence of soundbyte 'vm-mustchangepasswd' that, strangely, voices 'you must change your password'.

The patch was needed at our site as we have recently deployed Comedian mail to > 65 users in conjunction with Asterisk and a complete revamp of our dialplan. Unfortunately users have been misdialing their new voicemail box numbers and, ultimately, changing other people's greetings as they were mostly still using the same default password...

Although it's ugly inline code, this would seem a prudent first step in adding some rudimentary strength to voicemail passwords.
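
An added example, not part of the original report or the attached patch: a small audit that reads a voicemail.conf and lists the mailboxes whose stored password still equals 'forcepwchange', i.e. the users who would be forced to rotate on their next login. The sample file is constructed, and placing 'forcepwchange' in `[general]` is an assumption, since the report does not say which section the option belongs to.

```python
import re

# Constructed sample voicemail.conf. 'forcepwchange' is the option proposed
# in this issue; its placement in [general] is an assumption.
SAMPLE_CONF = """\
[general]
forcepwchange=1234   ; site default password

[zonemessages]
eastern=America/New_York|'vm-received' Q 'digits/at' IMp

[default]
2001 => 1234,Alice Example,alice@example.org
2002 => 8642,Bob Example,bob@example.org
; 2003 => 1234,Disabled Mailbox
2004 => 1234,Carol Example

[sales]
3001=>1234,Sales Desk
"""

# Sections that hold settings rather than "mailbox => password,..." entries.
NON_MAILBOX_SECTIONS = {"general", "zonemessages"}


def mailboxes_on_forced_password(conf_text):
    """Return (forcepwchange, ["mailbox@context", ...]) still using it."""
    section, forced, entries = None, None, []
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")    # handles '=' and '=>'
        if not sep:
            continue
        key, value = key.strip(), value.lstrip(">").strip()
        if section == "general":
            if key == "forcepwchange":
                forced = value
        elif section and section not in NON_MAILBOX_SECTIONS:
            password = value.split(",", 1)[0].strip()
            entries.append((f"{key}@{section}", password))
    if not forced:       # option undefined: behaviour as before, nothing forced
        return None, []
    return forced, [box for box, pw in entries if pw == forced]
```
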
Comments:

By: Olle Johansson (oej) 2004-09-02 16:27:26

Do you have a disclaimer on file with Digium?

By: Mark Spencer (markster) 2004-09-02 16:33:52

Yah, the patch is a little heavy on the code duplication.  I'm going to mark this as a dupe of 2077 which is a bit cleaner, but still needs some work.