Course13:IT Connect - 11.4 Password relations

From innovaphone wiki
Jump to navigation Jump to search

This book helps to get a better overview of which password fits which password

Introduction

In this course we have used many different passwords. In this book, we would like to explain which password must match which password to avoid a password mismatch.

User Password

Each user has his own password, which is required to access his/her myApps client. The user screenshot.png can change their own password in their profile app, but of course the administrator has the ability to change the password if the user has lost or forgotten it. The administrator can do this screenshot.png in the users admin app when editing a user.

The first user of the PBX screenshot.png is created during Install. This user automatically receives the admin user template and thus has admin rights.

PBX Password

The PBX password is used to encrypt all types of data in the PBX, most notably the user passwords. When you replicate user-specific data to the Users(App) database, a standby PBX, a slave PBX, or an IP DECT master, the data is transmitted in encrypted form. To decrypt it, the PBX password must be known on both sides.

In V13, the PBX password is generated and screenshot.png displayed by the Install. Since this password is of utmost importance, please store it in a secure place. The PBX password can be configured manually in the Advanced UI under PBX/ Config /Security. Keep in mind that the Install uses the PBX password when it sets up the Users admin app. This means screenshot.png if you change the PBX password the PBX password in the burger menu of the users admin app has to be changed as well.

Domain Password

You can screenshot.png define a unique domain password for each domain in your devices app. If you select the Deploy the domain password on all devices screenshot.png check box, each device that is part of that domain screenshot.png receives this new domain password as the admin password.

The admin password is important to know because you'll need it to restore your devices in case of a disaster recovery and it allows you to screenshot.png access the device directly through the advanced user interface.

The admin password is generated and displayed screenshot.png by the install and it is important to store the admin password on a secure location.

SIP authentication password

During the configuration of the SIP trunk, you will be asked for some kind of authentication so that the provider can be sure that no malicious attacker will attach to your SIP account. This is usually done by entering credentials. Therefore, make sure that you configure the screenshot.png correct password for your SIP trunk. This password has to match the password you received from your provider.

Password for a sharing a directory

During the course we used announcements for the waiting queue or the conference object and saved those inside the files app. The PBX has to be able to retrieve this announcements from the files database. One of the authentication methods we talked about isscreenshot.png using a username and password.

The password defined in the files app has to be used by the PBX. Since HTTPs is used by the PBX we can configure HTTP client URLs at Services / Http / Client. A screenshot.png Authenticated URL, consists of an URL, User and Password. The box itself acts as an HTTP client and retrieves or sends information to another web server using GET, PUT or POST requests. Note that these credentials are not required for WebSocket connections.

All the URLs begin with https://apps.dvl-ckl2.net/dvl-ckl2.net/. This is your App platform. So obviously, your PBX talks to the App platform using HTTP.

This URL has to point to the exact folder you are sharing in the files app. The username and password required for authentication must be entered right next to the authenticated URL.

Fax to Mail SMTP password

To establish a secure SMTP connection between the Fax app service and your email server, you must configure credentials to authenticate the connection. These credentials must be configured screenshot.png in the app service itself.

It is important to note that the email plugin is used for two-factor authentication and email notifications by the Voicemail app service. The SMTP connection configured in the Fax app service is a separate configuration.

Voicemail settings password

The credentials configured in the Voicemail App Service -> Settings are used by the PBX to retrieve voicemail requests and stored voicemail messages from the voicemail database.screenshot.png Any username and password configured here will be transmitted to the PBX and stored in the voicemail object. Therefore, you should never configure the credentials on the PBX itself, but use the voicemail plugin to change the username and password.

Reverse Lookup password

When you receive a call, you usually want to know who is calling you. Therefore, the PBX performs a so-called reverse lookup to query a directory to whom this incoming number belongs. During Install, the reverse lookup URL in the PBX is configured to use the Contacts app as such a directory. To authenticate at the Contacts app service, you must configure a password for such a reverse lookup. screenshot.png This password must match the password configured in the Contacts app service.

App Service instance specific passwords

When you log in to the myApps client, you get access to all available apps. Some of these apps, such as the phone or chat app, are part of the PBX firmware, while other apps are on the AP. When you open an app whose app service is part of the application platform, the app service allows only authenticated access for this websocket connection.

You may wonder where you can configure the corresponding credentials for this connection. In the PBX you will find so-called app objects.screenshot.png Each of these app objects has a password. The myApps client receives this information from the PBX during the login process, which is then used for the websocket connection and must match the password of the app service instance.

Fortunately, you don't have to configure these passwords, because the installation configures them for you.

(Further Hints) The database password can be ignored because it is used only for internal communication. You only need to change it in the rare case when you need to access the database using Linux database tools.