Specifications

ManualsBrandsCisco ManualsAnswering MachineUnity Express 8.0 Voice-Mail System

391

392

393

394

395

396

397

398

399

400

19-16

Cisco Unity Express Voice-Mail and Auto-Attendant CLI Administrator Guide for 3.0 and Later Versions

OL-14010-09

Chapter 19 Advanced Configuration

Configuring Password and PIN Parameters

DETAILED STEPS

Configuring Password and PIN Protection Lockout Modes

Starting in release 3.0, you can use both temporary and permanent lockout for passwords and PINs to

help prevent security breeches.

For permanent lockout mode, the user’s account is permanently locked after a specified number of

incorrect passwords or PINs are entered. After the account is locked, only the administrator can unlock

it and reset the password.

For temporary lockout mode, the user’s account is temporarily locked after a specified number of initial

incorrect passwords or PINs are entered. This lockout lasts for a specified amount of time. If the

maximum number of incorrect passwords or PINs is exceeded for a second time, the account is locked

for twice the specified a mount of time. The lockout time continues to increase for each set of incorrect

passwords or PINs until the total number of failed login attempts equals the number specified to lock the

account permanently. To prevent denial-of-service attacks, the retry count is not incremented if a user

tries to log in during the lockout period. If the user enters the correct password or PIN and logs in

successfully, the lockout time is reset to zero. After the account is permanently locked, only the

administrator can unlock it and reset the password. When the administrator unlocks the account, the retry

count and disable time are also reset to zero.

To configure the behavior for permanent lockouts, specify:

• Lockout mode (set to permanent)

• Maximum number of failed login attempts allowed before the account is locked

To configure the behavior for temporary lockouts, specify:

• Lockout mode (set to temporary)

• Number of failed attempts that trigger the initial temporary lockout

• Duration of initial temporary lockout

• Number of failed attempts that will lock the account permanently

You have the following four options when using password and PIN protect:

• Password Protection with:

–

Permanent Lockout

–

Temporary Lockout

• PIN Protection with:

–

Permanent Lockout

Command or Action Purpose

Step 1

config t

Example:

se-10-0-0-0# config t

Enters configuration mode.

Step 2

security password lockout enable

Example:

se-10-0-0-0(config)# security pin trivialcheck

Enables the PIN trivial check validation feature.