[cisco-voip] security concern regarding cups

Ryan Ratliff rratliff at cisco.com
Tue Nov 24 10:45:45 EST 2009


For CUPS (the server) it pulls the LDAP synchronization from the CUCM configuration.  If you want this to be secure then configure LDAPS in CUCM.

On the CUPC clients the LDAP searches they make can be configured to use TLS or anonymous bind (neither will have cleartext passwords on the wire).  You configure TLS per-server in CUPS Application->CUPC->Ldap Server.   The anonymous bind is configured in the Ldap Profile.

To use LDAPS from CUPS to AD you'll need to upload the certificate information to the CUPS OS page the same as CUCM.

-Ryan

On Nov 24, 2009, at 3:02 AM, wael ahmed el mezain wrote:

Guys, thanks for the reply.
 
But does anyone have a solution for this?
I used to get the solutions for my issues from this group.
 
Thanks,
Wael

Subject: RE: [cisco-voip] security concern regarding cups
Date: Mon, 23 Nov 2009 13:11:00 -0500
From: jason.aarons at us.didata.com
To: voicenoob at gmail.com; wael733 at hotmail.com; cisco-voip at puck.nether.net

Phone Messenger has the same issue. I understand there is/will be a fix for the IP Phone Service to be https. Can't recall where I just read about it. -jason
 
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of VoiceNoob
Sent: Monday, November 23, 2009 8:40 AM
To: 'wael ahmed el mezain'; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] security concern regarding cups
 
Are you SURE it is sending the LDAP password in plaintext? Have you done a packet capture? Also the screen shot you sent is the AXL configuration not CUPS querying LDAP.
 
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of wael ahmed el mezain
Sent: Sunday, November 22, 2009 11:29 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] security concern regarding cups
 
Dears,
 
We have a security concern regarding cups.

When CUPS is querying LDAP, the integration account is sending the user name and password in plain text.

Can we use secure LDAP instead? And also, what is the advantage of the attached screen?

Please advise.

Regards,
wael ahmed
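
The packet-capture check asked about in the thread, as an added example that is not part of any poster's message: it classifies the first TCP payload a client sends to the directory server as a cleartext simple bind, an anonymous bind, SASL, or a TLS handshake (LDAPS). The function names are hypothetical and the sample DN and password are constructed; the tag values are those of the LDAPv3 BindRequest encoding.

```python
# BER tags used by an LDAPv3 BindRequest (RFC 4511)
SEQ, INT, OCTETS, BIND_REQ, AUTH_SIMPLE, AUTH_SASL = 0x30, 0x02, 0x04, 0x60, 0x80, 0xA3

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(payload):
    """Classify the first TCP payload a client sends to the directory server."""
    if payload[:2] == b"\x16\x03":  # TLS handshake record: LDAPS, nothing readable
        return "tls"
    try:
        tag, msg, _ = read_tlv(payload, 0)
        if tag != SEQ:
            return "not-ldap"
        tag, _, pos = read_tlv(msg, 0)       # messageID
        op, bind, _ = read_tlv(msg, pos)     # protocolOp
        if tag != INT or op != BIND_REQ:
            return "not-bind"
        _, _, pos = read_tlv(bind, 0)        # version
        _, name, pos = read_tlv(bind, pos)   # bind DN
        auth, cred, _ = read_tlv(bind, pos)  # authentication choice
    except ValueError:
        return "not-ldap"
    if auth != AUTH_SIMPLE:
        return "sasl" if auth == AUTH_SASL else "unknown-auth"
    if cred:
        return "simple-cleartext"            # password bytes are readable in the capture
    return "anonymous" if not name else "unauthenticated"

# Helpers that build constructed samples (short-form lengths only, < 128 bytes).
def tlv(tag, value):
    return bytes([tag, len(value)]) + value

def sample_bind(dn, cred, auth=AUTH_SIMPLE):
    body = tlv(INT, b"\x03") + tlv(OCTETS, dn) + tlv(auth, cred)
    return tlv(SEQ, tlv(INT, b"\x01") + tlv(BIND_REQ, body))
```

A StartTLS session on port 389 begins with an extended request rather than a bind, so its first payload classifies as `not-bind`.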
 