Avaya S8100 User Manual
B Set up customer logins
Communication Manager logins for customers
292
S8100 Installation and Upgrades
November 2003
Forced password aging
Forced password aging operates as follows:
•
The password for each login can be aged starting with the date the password was created, or
changed, and continuing for a specified number of days (1 to 99).
changed, and continuing for a specified number of days (1 to 99).
•
7 days before the password expiration date, the user is notified that the password is about to expire
at the login prompt.
at the login prompt.
•
When the password expires the user is required to enter a new password into the system before
logging in.
logging in.
•
If a login is added or removed, the Security Measurement reports are not updated until the next
hourly poll, or when a clear measurements security-violations command is entered.
hourly poll, or when a clear measurements security-violations command is entered.
•
Once a non-super-user has changed the password, the user must wait 24 hours to change the
password again.
password again.
Logoff notification
Security is enhanced by providing a logoff notification screen to a system administrator at log off while
either the facility test call or remote access features are still administered. The administrator can be
required to acknowledge the notification before completing the logoff process. Logoff notification is
administered on the Login Administration screen.
either the facility test call or remote access features are still administered. The administrator can be
required to acknowledge the notification before completing the logoff process. Logoff notification is
administered on the Login Administration screen.
Super user
Avaya delivers the S8100/G600/CMC1 solution to the customer with 1 customer “super-user”
login/password defined. The customer administers additional login/passwords as needed. The super-user
login has full customer permissions and can customize any login created.
login/password defined. The customer administers additional login/passwords as needed. The super-user
login has full customer permissions and can customize any login created.
Login permissions for a specified login can be set by the super user to block any object that may
compromise switch security. Up to 40 administration or maintenance objects commands can be blocked
for a specified login ID.
compromise switch security. Up to 40 administration or maintenance objects commands can be blocked
for a specified login ID.
Administer login command permissions
Users with super-user permissions can set the permissions of logins they create by performing a change
permissions <login-name> command. This causes the Login Permissions form to display. The Login
Permissions form allows the user to control access to various categories of commands for a given login. It
also permits restricting access to objects (forms) on an individual basis for up to 40 objects. Restricting an
object means that no commands may be performed on that object by that login (add, change, remove,
etc.) The three main categories of commands are:
permissions <login-name> command. This causes the Login Permissions form to display. The Login
Permissions form allows the user to control access to various categories of commands for a given login. It
also permits restricting access to objects (forms) on an individual basis for up to 40 objects. Restricting an
object means that no commands may be performed on that object by that login (add, change, remove,
etc.) The three main categories of commands are:
•
Common commands
•
Administration commands
•
Optional maintenance commands