userdoc:tt_vm_password_validation

Voicemail Password Validation

Since Asterisk 1.6.1 there is a new variable in voicemail.conf to launch an external application when someone wants to change their voicemail password via a phone keypad. This app can validate the new password. This is most useful for administrators who want to enforce more strict password requirements. Adding this option is as simple as:

externpasscheck=/mnt/kd/bin/ast-vmpasscheck

It can check for the following requirements:

  • Minimum length (i.e. >= 4)
  • Can not be the same as the extension (mailbox)
  • Can not be the old password
  • Can not contain consecutive numbers, in sets of four (i.e. 1234, or 8765)
  • Can not contain the same digit, in sets of four (i.e. 1111)
  • Can not be the same as the extension plus a single digit

You can just comment out the requirements you don't need/want.

Here is a bash script from Lonnie (currently not yet included in AstLinux):

ast-vmpasscheck.sh
#!/bin/bash
 
# ast-vmpasscheck
#
# Input Arg1: mbox_number
# Input Arg2: context
# Input Arg3: oldpassword
# Input Arg4: newpassword
#
# When the voicemail.conf file has "externpasscheck=" pointed to this script,
# Asterisk VoiceMailMain password change attempts will be validated.
#
 
REQUIRED_LENGTH=4
 
mbox="$1"
old_pw="$3"
new_pw="$4"
 
reject()
{
  echo "INVALID${1:+: $1}"
 
  exit 0
}
 
string_in_string()
{
  local needle="$1" haystack="$2"
 
  if [ "$haystack" != "${haystack/$needle/}" ]; then
    return 0
  fi
 
  return 1
}
 
if [ ${#new_pw} -lt $REQUIRED_LENGTH ]; then
  reject "Password too short"
fi
 
if [ "$mbox" = "$new_pw" ]; then
  reject "Same as mailbox number detected"
fi
 
if [ "$old_pw" = "$new_pw" ]; then
  reject "Same as old password detected"
fi
 
for i in 0123 1234 2345 3456 4567 5678 6789 9876 8765 7654 6543 5432 4321 3210; do
  if string_in_string "$i" "$new_pw"; then
    reject "Sequence detected"
  fi
done
 
for i in 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999; do
  if string_in_string "$i" "$new_pw"; then
    reject "Multiples detected"
  fi
done
 
delta=$((${#new_pw} - ${#mbox}))
if [ $delta -eq 1 ]; then
  if string_in_string "$mbox" "$new_pw"; then
    reject "Too similar to mailbox number detected"
  fi
fi
 
echo "VALID"
exit 0

Asterisk 1.8 has also the feature to set a minimum Voicemail Password length without the script:

; minpassword=0 ; Enforce minimum password length
  • userdoc/tt_vm_password_validation.txt
  • Last modified: 2012/08/01 03:46
  • by droemel