Administering passwords

This topic provides information on administering the passwords used to control access to the system. Complete the steps in this topic when you want to change the password for a login or set the interval at which the system's passwords have to be changed.

Overview of passwords

Access to the Message Networking system is controlled by a set of passwords that provide different access levels. The following passwords are provided with the system for system installers, administrators, and support personnel:

• sa: The sa login is for use by the customer's system administrators either from the console or via another computer on the customer's LAN.
• craft: The craft login is for use by Avaya personnel performing system installation, administration, or maintenance on the customer site, either from the console or via another computer on the customer's LAN.
• dadmin: The dadmin login is for use by Avaya Business Partners performing administration or maintenance on the customer site, either from the console or via another computer on the customer's LAN. The customer must use the craft login to activate the dadmin login and grant permission. The dadmin login has the same permissions as the craft login.
• icftp: The icftp login is for use with Message Networking's FTP feature. The FTP feature enables file importing and exporting.
• sappp: The sappp login is for use by a system administrator performing system administration and maintenance remotely via dial up. You must set up the sappp password to allow the remote administrator to dial in to the system.
• craftppp: The craftppp login is for use by remote Avaya personnel performing system installation, administration, or maintenance via dial up. You must set up the craftppp password to allow the remote Avaya personnel to dial in to the system.

When your system is installed, the sa and icftp logins come with default passwords. You must change these passwords immediately to ensure system security following minimum password standards. You should also set up the system's ppp passwords, to allow a remote service center to dial in to the system to perform troubleshooting or system maintenance. See Administering logins and passwords for information on setting up additional logins.

Additionally, you can administer several parameters of the password aging feature that will enhance the level of security the system maintains.

Note: You can administer the Access Security Gateway (ASG) on the Message Networking system to provide additional security. The ASG provides the newest generation of strong authentication for the Message Networking system logins by challenging each potential dial-up session user when the authentication type for a particular login is set to ASG. To respond to the ASG challenge, the user must have a handheld device, called the ASG Key, which must be set with an ASG secret key number that matches that of the user's ASG secret key number in the Message Networking system.

Guidelines for passwords

To minimize the risk of unauthorized people using the Message Networking system, follow these guidelines for system administrator passwords.

• Establish a new password as soon as the Message Networking system is installed.
• Use a password containing 6–8 alphanumeric characters.
• Never use obvious passwords, such as a telephone extension, room number, employee identification number, social security number, or easily guessed numeric or letter combinations (for example, denver or audix).
• Do not post, share, print, or write down passwords.
• Do not put the password on a programmable function key.
• Change the password at least once per month. You can administer your system to age the password and notify you that a new password is required. See Setting administrator password aging for more information.
• If you suspect that the security of any password has been compromised, notify your project manager or system administrator.

Changing passwords

You should immediately change the password for the sa, icftp, craft, and dadmin logins after your system is installed. Once a new password is established, you should also establish a regular schedule for changing the password, for example, at least monthly. Be sure to alert any other Message Networking administrators or system administrators to the change in the passwords.

The passwords for which you can set Password Aging depend on your login. For example, when you are logged in with the sa password, you can set Password Aging for the sa, icftp, and sappp passwords.

To change the password for the sa login:

1. Start at the Administration menu, and select Basic System Administration > Password Administration > Assign/Change Password.
   The system displays the Assign/Change Password page. For information about the fields on this page, click Help.
2. At the Login drop-down box, select the login for the password you want to change.
3. In the New Password field, type a new password containing 6–8 alphanumeric characters.
4. In the Reenter New Password field, type the new password again for verification.
5. Click Save.
   The system displays a confirmation message.

6. Click Return to Main to return to the Administration menu.

Setting Administrator Password Aging

You can determine how often the system's passwords have to be changed by setting the Password Aging. The passwords for which you can set Password Aging depend on your login. For example, when you are logged in with the sa password, you can set Password Aging for the sa, icftp, and sappp passwords. It is strongly recommended that you set Password Aging for administrator passwords to help maintain a high level of system security. However, the sa login can disable the Password Aging feature for the sa login.

To set administrator Password Aging:

1. Start at the Administration menu, and select Basic System Administration > Password Administration > Assign/Change Password Aging.
2. At the Login drop-down box, select the login for which you want to change aging.
3. Click Save.
   The system displays the Change Password Aging page. For information about the fields on this page, click Help.
4. Designate the attributes for this login password by selecting Yes/No, and type the number of days.
   For additional information on any field, click the field name.
5. Click Save.
   The system displays a confirmation message.
6. To change the aging attributes for other logins, click Back (on the browser toolbar) twice, and reselect a login.

7. Click Return to Main to return to the Administration menu.

Top of page