[cisco-voip] cdrtime for password changes cucm 5.1.2.x

Wes Sisk wsisk at cisco.com
Fri May 9 08:01:46 EDT 2008


Thorsten,

Nice investigation and you got so very close to the answer.
In CM5.x and 6.x, "Credential Policy" was introduced just for this. From
the CM6.1 data dictionary:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/datadict/6_1_1/dd_611.pdf

we find the credentialhistory table that captures when each user last 
changed their password:

admin:run sql select first 1 * from enduser
pkid                                 assocpc firstname middlename
lastname userid manager department telephonenumber tkuserlocale
mailid status facsimiletelephonenumber mobile pager homephone
title building site fkdirectorypluginconfig uniqueidentifier
nickname deletedtimestamp passwordreverse
fkmatrix_presence                    tkuserprofile fkcallingsearchspace_restrict
allowcticontrolflag enablemobilevoice
maxdeskpickupwaittime enablemobility remotedestinationlimit
==================================== ======= ========= ==========
======== ====== ======= ========== =============== ============
====== ====== ======================== ====== ===== =========
===== ======== ==== ======================= ================
======== ================ ===============
==================================== ============= =============================
=================== =================
===================== ============== ======================
61c1002c-2ea5-4a92-e1c8-8b1be0918523         wes                  
sisk     wsisk                                     1
                 
1                                                                          
NULL
                      NULL                             
ad243d17-98b4-4118-8feb-5ff2e1b781ac 1             NULL
                t                   f                 
10000                 f              4

admin:run sql select first 1 * from credentialhistory where fkenduser like '%8523'
pkid                                 changeid fkenduser                            fkapplicationuser tkcredential credentials                              timechanged
==================================== ======== ==================================== ================= ============ ======================================== ===========
1d27508e-73f5-440c-a5c4-94a5bc37e5d1 1        61c1002c-2ea5-4a92-e1c8-8b1be0918523 NULL              4            2fa694ffcd062c1e9a45a68cadf5a83facc2d7c9 1192218565

/Wes

Thorsten.Mayr at barclayscapital.com wrote:
> admin:run sql select first * from enduser
>
> Must have been mistyping it... looking at the systable confirmed this
> existed...
> But seems like no timestamp on the password, only on the overall enduser
> - unless there is a "crossreference" which I am not aware of?
>
> Apologies, could have figured that one out before, but am not really a
> database person.
>
> Thx anyway ;)
> T
>
>   
>> -----Original Message-----
>> From: cisco-voip-bounces at puck.nether.net 
>> [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of 
>> Mayr, Thorsten: IT (LDN)
>> Sent: Friday, May 09, 2008 10:05 AM
>> To: cisco-voip at puck.nether.net
>> Subject: [cisco-voip] cdrtime for password changes cucm 5.1.2.x
>>
>> A question for audit purposes...
>>
>> I have to prove that passwords are being changed/have been 
>> changed in a non AD integrated CUCM environment for all admin 
>> accounts... Usual story..
>>
>> I was wondering if there was a timestamp for password 
>> changes/updates/last touch... in the database on 5.1.2?
>> Or is there only one general timestamp assigned to the "user/account"
>> which counts for all updates to it ):
>>
>> As Wes once pointed out there is a hidden timestamp called 
>> cdrtime... I am sure we are not the first ones being audited 
>> on CUCM... 
>>
>> What have you guys done to produce audit trails?
>>
>> We have requested an audit functionality as a new feature.
>>
>> Thanks
>> Thorsten
>>
>> PS: I wasn't inventive enough to figure out the name of the 
>> table-,column-, name for application/end user accounts - 
>> hence wasn't able to check it out myself 
>> _______________________________________________
>>
>> This e-mail may contain information that is confidential, 
>> privileged or otherwise protected from disclosure. If you are 
>> not an intended recipient of this e-mail, do not duplicate or 
>> redistribute it by any means. Please delete it and any 
>> attachments and notify the sender that you have received it 
>> in error. Unless specifically indicated, this e-mail is not 
>> an offer to buy or sell or a solicitation to buy or sell any 
>> securities, investment products or other financial product or 
>> service, an official confirmation of any transaction, or an 
>> official statement of Barclays. Any views or opinions 
>> presented are solely those of the author and do not 
>> necessarily represent those of Barclays. This e-mail is 
>> subject to terms available at the following link: 
>> www.barcap.com/emaildisclaimer. By messaging with Barclays 
>> you consent to the foregoing.  Barclays Capital is the 
>> investment banking division of Barclays Bank PLC, a company 
>> registered in England (number 1026167) with its registered office
>> at 1 Churchill Place, London, E14 5HP.  This email may 
>> relate to or be sent from other members of the Barclays Group.
>> _______________________________________________
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>     
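Added example, not part of the original thread: one way to turn credentialhistory output like the above into a per-user "last credential change" report for an audit. It assumes timechanged is Unix epoch seconds and treats every row as a credential change regardless of tkcredential; the helper names, the 90-day threshold and all sample rows except the first row's ids and timestamp are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Sample in the layout of `run sql` output. Row 1 uses the ids and timechanged
# value from the post; rows 2-3 and every credentials value are constructed.
COLS = ("pkid", "changeid", "fkenduser", "fkapplicationuser",
        "tkcredential", "credentials", "timechanged")
WIDTHS = (36, 8, 36, 36, 12, 40, 11)
WSISK = "61c1002c-2ea5-4a92-e1c8-8b1be0918523"  # enduser.pkid for userid wsisk
DATA = [
    ("1d27508e-73f5-440c-a5c4-94a5bc37e5d1", "1", WSISK, "NULL", "4", "0" * 40, "1192218565"),
    ("00000000-0000-0000-0000-000000000001", "2", WSISK, "NULL", "4", "0" * 40, "1200000000"),
    ("00000000-0000-0000-0000-000000000002", "3", "NULL",
     "00000000-0000-0000-0000-0000000000aa", "4", "0" * 40, "1190000000"),
]

def _line(cells):
    return " ".join(c.ljust(w) for c, w in zip(cells, WIDTHS))

SAMPLE = "\n".join([_line(COLS), _line(["=" * w for w in WIDTHS])] + [_line(r) for r in DATA])

def parse_run_sql(text):
    """Split fixed-width output into dicts, taking column spans from the ==== ruler."""
    lines = [l for l in text.splitlines() if l.strip()]
    ruler = next(i for i, l in enumerate(lines) if set(l.strip()) <= {"=", " "})
    spans = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    names = [lines[ruler - 1][a:b].strip() for a, b in spans]
    rows = []
    for line in lines[ruler + 1:]:
        cells = [line[a:b].strip() for a, b in spans]
        rows.append({n: None if c in ("", "NULL") else c for n, c in zip(names, cells)})
    return rows

def last_change(rows):
    """Most recent timechanged per end user (assumes Unix epoch seconds, UTC)."""
    latest = {}
    for r in rows:
        if r["fkenduser"] is None:  # application-user row, not an end user
            continue
        latest[r["fkenduser"]] = max(int(r["timechanged"]), latest.get(r["fkenduser"], 0))
    return {u: datetime.fromtimestamp(t, tz=timezone.utc) for u, t in latest.items()}

def stale(latest, now, max_age_days):
    """End-user pkids whose newest credential change is older than max_age_days."""
    return sorted(u for u, t in latest.items() if (now - t).days > max_age_days)

if __name__ == "__main__":
    now = datetime(2008, 5, 9, tzinfo=timezone.utc)
    for user, when in last_change(parse_run_sql(SAMPLE)).items():
        print(user, when.isoformat(), "STALE" if stale({user: when}, now, 90) else "ok")
```

The parser expects each row on a single line, so capture the CLI session with a terminal wide enough that the output is not wrapped.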

