Configuration of SwyxServer Configuring SwyxServer settings The "Security" tab
The "Security" tab
This tab is used to set the encryption mode and password rules for SwyxServer in general.
Encryption settings
Encryption mode is determined globally for SwyxServer in this area, which means the settings you choose here will influence the encryption settings in user and trunk properties.
If you set the encryption mode to "No encryption" here, the mode in the user and trunk properties is likewise set to "No encryption"; if you select "Encryption mandatory" here, then the setting "Encryption mandatory" also appears there. In both cases, the mode cannot be changed within the user and trunk properties. The field is then deactivated.
A change of the encryption mode requires a restart of all client devices.
The SwyxLink trunk and the SIP trunk are exceptions in this context. In the SwyxLink trunk, the encryption mode is taken from the server settings and cannot be changed. You can configure encryption for SIP trunks in the SIP trunk group settings. See Exceptions.
See Encryption.
Password settings
In this section, you can enforce password rules for better user account protection. SwyxWare administrators and users will then have to meet additional security requirements for their login to SwyxServer.
Logging on to terminal devices and SIP registrations as well as authentication via Windows user accounts are not affected by these password settings.
The default configuration is for all rules to be deactivated.
It is impossible to use the previous password again.
The following rules can be configured:
* Force complex user passwords:
If this control field is activated, only those user passwords will be permitted that are at least eight characters long and meet at least three of the following four character classes:
- upper-case letters such as: [A-Z]
- lower-case letters such as: [a-z]
- Numbers [0-9]
- Non-alphanumeric characters (special characters) such as: - periods, commas, brackets, blanks, hash tags (#), question marks (?), percent signs (%), ampersands (&).
Alphabetic characters (such as: ß, ü, ä, è, ô) and non-Latin characters (such as: φ, π, β) are no special characters and are regarded as letters.
* New users must change their password the first time they perform a login
When this checkbox is activated, newly configured users will be required to reset their password themselves after the first login so that users will be the only person who know their passwords.
Existing user accounts will remain unaffected by the "force complex user passwords" rule until a user changes a password on the user's own volition or the administrator forces a password change for a user.
You can force users to change their passwords or to use complex passwords. See The "Authentication" Tab.
It is impossible to use the previous password again.
A corresponding dialog window will appear at login indicating brief instructions when a user's account data needs to be adjusted to the server and user rules configured. See Registration on SwyxWare Administration.
* Deactivate user after failed login attempts
If this checkbox is activated, then the system will lock user account based on a predetermined number of failed login attempts (e.g. password entered incorrectly multiple times). The corresponding users will be deactivated and will not be able to use terminal devices or clients.
This option can only be used together when the parameter "Number of unsuccessful logins before deactivation" is set.
Following activation, this rule will apply for all users and administrators. System administrators are the only ones who are not locked.
Only an administrator can activate a user. See Activate/deactivate or delete users.
* Number of unsuccessful logins before deactivation.
This entry field is used to set the number of attempts a user may use to SwyxServer login. Only values "3" to "20" are used.
The number of failed log-in attempts will be reset for the corresponding user after one successful login. After resetting the SwyxServer services or after changing between master and standby server, this number is reset to zero for all users.
The number of failed log-on attempts is irrelevant, when the administrator has established a forced password change, and the user attempts to log-on with his/her previous password.
If a user has been deactivated, then the user will be shown the corresponding notification and an instruction to contact the administrator. See Limited number of log-in attempts.
Login Settings
The user name in UPN format should be used for logging on to SwyxWare Administration and clients.
In this area, you can configure a UPN-Suffix.
See also The "Authentication" Tab.