Information Technology Reference
In-Depth Information
Table 9-2
End Users Versus Application Users
End Users
Application Users
Associated with an actual person
Associated with an application
For individual use in interactive logins
For noninteractive logins
Used to assign user features and administrative
rights
Used for application authorization
Included in the user directory
Not included in the user directory
Can be provisioned and authenticated using LDAP
Must be provisioned locally (no
LDAP)
Credential Policy
The Credential Policy defines preset passwords, end-user PINs, and application-user pass-
words. The default Credential Policy applies the application password specified at install
to all Application Users.
Administrators can define additional policies that can specify the allowed number of
failed login attempts, minimum password length, minimum time between password
changes, number of previous passwords stored, and the lifetime of the password. The pol-
icy can also check for weak passwords. A strong password:
Contains three of the four characteristics: uppercase, lowercase, numbers, and symbols
■
Cannot use the same number or character more than three times consecutively
■
Cannot include the alias, username, or extension
■
Cannot include consecutive numbers or characters
■
Similar rules exist for phone PINs:
Cannot use any number more than two times consecutively
■
Cannot include the user mailbox or extension, nor the reverse of them
■
Must contain at least three different numbers (for example, 121212 is invalid)
■
Cannot be the dial-by-name version of the user name (such as Mike = 6453)
■
Cannot contain repeated digit patterns, nor any patterns that are dialed in a straight
line on the phone keypad (for example, 2580 or 357)
■
Features Interacting with User Accounts
The following features use the End-User-Account login process, with either the user-
name/password or PIN as the authentication:
Unified CM Administration web pages
■
User web pages
■
