====== Voicemail Password Validation ======

Since Asterisk 1.6.1 there is a new variable in ''voicemail.conf'' to launch an external application when someone wants to change their voicemail password via a phone keypad. This app can validate the new password. This is most useful for administrators who want to enforce more strict password requirements.  Adding this option is as simple as:

  externpasscheck=/mnt/kd/bin/ast-vmpasscheck
  
It can check for the following requirements:

  * Minimum length (i.e. >= 4)
  * Can not be the same as the extension (mailbox)
  * Can not be the old password
  * Can not contain consecutive numbers, in sets of four (i.e. 1234, or 8765)
  * Can not contain the same digit, in sets of four (i.e. 1111)
  * Can not be the same as the extension plus a single digit


You can just comment out the requirements you don't need/want.

Here is a bash script from Lonnie //(currently not yet included in AstLinux)//:

<code bash ast-vmpasscheck.sh>
#!/bin/bash

# ast-vmpasscheck
#
# Input Arg1: mbox_number
# Input Arg2: context
# Input Arg3: oldpassword
# Input Arg4: newpassword
#
# When the voicemail.conf file has "externpasscheck=" pointed to this script,
# Asterisk VoiceMailMain password change attempts will be validated.
#

REQUIRED_LENGTH=4

mbox="$1"
old_pw="$3"
new_pw="$4"

reject()
{
  echo "INVALID${1:+: $1}"

  exit 0
}

string_in_string()
{
  local needle="$1" haystack="$2"

  if [ "$haystack" != "${haystack/$needle/}" ]; then
    return 0
  fi

  return 1
}

if [ ${#new_pw} -lt $REQUIRED_LENGTH ]; then
  reject "Password too short"
fi

if [ "$mbox" = "$new_pw" ]; then
  reject "Same as mailbox number detected"
fi

if [ "$old_pw" = "$new_pw" ]; then
  reject "Same as old password detected"
fi

for i in 0123 1234 2345 3456 4567 5678 6789 9876 8765 7654 6543 5432 4321 3210; do
  if string_in_string "$i" "$new_pw"; then
    reject "Sequence detected"
  fi
done

for i in 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999; do
  if string_in_string "$i" "$new_pw"; then
    reject "Multiples detected"
  fi
done

delta=$((${#new_pw} - ${#mbox}))
if [ $delta -eq 1 ]; then
  if string_in_string "$mbox" "$new_pw"; then
    reject "Too similar to mailbox number detected"
  fi
fi

echo "VALID"
exit 0
</code>

Asterisk 1.8 has also the feature to set a minimum Voicemail Password length without the script:

  ; minpassword=0 ; Enforce minimum password length