Voicemail Password Validation
Since Asterisk 1.6.1 there is a new variable in voicemail.conf
to launch an external application when someone wants to change their voicemail password via a phone keypad. This app can validate the new password. This is most useful for administrators who want to enforce more strict password requirements. Adding this option is as simple as:
externpasscheck=/mnt/kd/bin/ast-vmpasscheck
It can check for the following requirements:
- Minimum length (i.e. >= 4)
- Can not be the same as the extension (mailbox)
- Can not be the old password
- Can not contain consecutive numbers, in sets of four (i.e. 1234, or 8765)
- Can not contain the same digit, in sets of four (i.e. 1111)
- Can not be the same as the extension plus a single digit
You can just comment out the requirements you don't need/want.
Here is a bash script from Lonnie (currently not yet included in AstLinux):
- ast-vmpasscheck.sh
#!/bin/bash # ast-vmpasscheck # # Input Arg1: mbox_number # Input Arg2: context # Input Arg3: oldpassword # Input Arg4: newpassword # # When the voicemail.conf file has "externpasscheck=" pointed to this script, # Asterisk VoiceMailMain password change attempts will be validated. # REQUIRED_LENGTH=4 mbox="$1" old_pw="$3" new_pw="$4" reject() { echo "INVALID${1:+: $1}" exit 0 } string_in_string() { local needle="$1" haystack="$2" if [ "$haystack" != "${haystack/$needle/}" ]; then return 0 fi return 1 } if [ ${#new_pw} -lt $REQUIRED_LENGTH ]; then reject "Password too short" fi if [ "$mbox" = "$new_pw" ]; then reject "Same as mailbox number detected" fi if [ "$old_pw" = "$new_pw" ]; then reject "Same as old password detected" fi for i in 0123 1234 2345 3456 4567 5678 6789 9876 8765 7654 6543 5432 4321 3210; do if string_in_string "$i" "$new_pw"; then reject "Sequence detected" fi done for i in 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999; do if string_in_string "$i" "$new_pw"; then reject "Multiples detected" fi done delta=$((${#new_pw} - ${#mbox})) if [ $delta -eq 1 ]; then if string_in_string "$mbox" "$new_pw"; then reject "Too similar to mailbox number detected" fi fi echo "VALID" exit 0
Asterisk 1.8 has also the feature to set a minimum Voicemail Password length without the script:
; minpassword=0 ; Enforce minimum password length