[asterisk-users] Secure passwords, was LDAP integration
John A. Sullivan III
jsullivan at opensourcedevel.com
Tue Sep 29 11:49:09 CDT 2009
On Tue, 2009-09-29 at 11:23 -0500, Tilghman Lesher wrote:
> On Tuesday 29 September 2009 10:30:37 John A. Sullivan III wrote:
> > Second, I believe we saw a way we could map the Asterisk password to the
> > regular user password (it's been a while so I'm not sure about that) but
> > were concerned about the problems of entering secure passwords from a
> > phone keypad. We enforce fairly secure passwords - at least nine
> > characters with some variety of characters and encourage much longer
> > passwords. Having to enter lots of characters in both cases as well as
> > symbols seemed difficult from a phone keypad. Thus, we decided
> > (reluctantly) to use separate simple passwords for phone access instead
> > of the very secure passwords we use to data access.
>
> I would hope that you're at least restricting your peers to be limited to a
> set of IPs distinctive to your phones. Otherwise, this is a recipe for
> disaster, especially if a) your registration server is accessible externally,
> and b) your phones are permitted to make toll calls, especially international
> numbers.
>
> Most good IP phones permit a method of configuration which does not require
> typing a password into a keypad. You should probably learn to use that method
> or switch to a phone with that ability, then use secure passwords. Phones are
> just as important as data and should be supplied with complex passwords.
>
Thanks for the feedback. Indeed, we do restrict the SIP domains and do
not allow registration from outside the internal network and we do use
passwords - just not as sophisticated.
Perhaps I am being overly conscious of client simplicity. I was
thinking of the case where internal users might temporarily move to
another phone. Rather than pulling up the web interface to the phone,
we wanted them to be able to register through the phone keypad. I
suppose they would need to enter their IDs anyway and those are
alpha-numeric. Thus, the entering passwords would be similar to
entering the IDs. On the other hand, we do tend to use the same
registration password for voicemail and meetme and those are regularly
entered from the key pad. Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
More information about the asterisk-users
mailing list