Cisco Unified Communications Manager Administration Guide
Chapter 112 Credential Policy Configuration
Credential Policy Configuration Settings
Passwords can contain any alphanumeric ASCII character and all ASC II special char acters. A non-tri vial
password meets the following criteria:
• Must contain three of the four allowable characteristics: uppercase character, lowercase character,
number, symbol.
• Must not use a character or number more than three times consecutively.
• Must not repeat or include the alias, username, or extension.
• Cannot consist of consecutive characters or numbers (for example, passwords such as 6543 21 or
PINs can contain digits (0-9) only. A non-trivial PIN meets the following criteria:
• Must not use the same number more than two times consecutively.
• Must not repeat or include the user extension or mailbox or the reverse of the user extension or
• Must contain three different numbers; for example, a PIN such as 121212 is trivial.
• Must not match the numeric representation (that is, dial by name) for the first or last name of the
• Must not contain groups of repeated digits, such as 408408, or patterns that are diale d in a stra ight
line on a keypad, such as 2580, 159, or 753.
Tab le 112-1 Credential Policy Configuration Settings
Field Description
Display Name Specify the credential policy name.
Enter up to 64 characters, except for quotation marks. Do not enter tab.
Failed Logon / No Limit for
Failed Logons Specify the number of allowed failed logon attempts. When this
threshold is reached, the system locks the account.
Enter a number in the range 1-100. To allow unlimited failed logons,
enter 0 or check the No Limit for Failed Logons check box. Uncheck the
check box to enter a value greater than 0. The default setting specifies 3.
Reset Failed Logon
Attempts Every Specify the number of minutes before the counter is reset for failed logon
attempts. After the counter resets, the user can try logging in again.
Enter a number in the range 1-120. The default setting specifies 30.
Lockout Duration /
Administrator Must Unlock Specify the number of minutes an account remains locked when the
number of failed logon attempts exceeds the specified threshold.
Enter a number in the range 1-1440. Enter 0 or check the Administrator
Must Unlock check box, so accounts will remain locked until an
administrator manually unlocks them. Uncheck the check box to enter a
value greater than 0. The default setting specifies 30.
Minimum Duration
Between Credential
Specify the number of minutes that are required be fore a user can change
credentials again.
Enter 0 to allow a user to change credentials at any time. Uncheck the
check box to enter a value greater than 0. The default setting specifies 0.