[cisco-voip] CTL/Security Token question
Wes Sisk
wsisk at cisco.com
Mon Apr 4 13:24:03 EDT 2011
Yes. So long as you follows the docs and use both you can lose/trash one
token and retain administrative access. You have to add both tokens
though. They are not copies or otherwise automatically replicated.
Regards,
Wes
On 4/4/2011 1:03 PM, Ed Leatherman wrote:
> Good to know, thanks Wes - the book i was reading didn't mention the
> token password but I see it now in the CM docs.
>
> Assuming you forgot or lost the password for one of the tokens, could
> you use one of your other tokens (assuming you know ITS password) to
> change the CTL and remove the one you forgot?
>
> On Mon, Apr 4, 2011 at 11:45 AM, Wes Sisk<wsisk at cisco.com> wrote:
>> We do this in our labs. Just be careful to keep track of password changes.
>> Using the tokens requires a password. Guess the wrong password too many
>> times and they do self destruct. This would effectively lock you out of all
>> clusters that use that key.
>>
>> Regards,
>> Wes
>>
>> On 4/4/2011 10:27 AM, Ed Leatherman wrote:
>>> Hello,
>>>
>>> I'm doing some studying on control/media encryption for call manager,
>>> and was wondering if someone could answer a (hopefully simple)
>>> question about signing CTL's. Does the act of signing a CTL actually
>>> affect the security token(s) in any way? Can I buy a set of security
>>> tokens, use them to configure everything on lab CM, and then re-use
>>> the same tokens in production?
>>>
>>> The documentation seems to infer this (along with a best practice of
>>> building in test first), but it doesn't come right out and say you can
>>> reuse the same tokens. Would be kind of goofy if it locked them to a
>>> particular cluster some how and I don't think that's the case. I was
>>> hoping for a bit of confirmation though.
>>>
>>> Thanks!
>>>
>
>
More information about the cisco-voip
mailing list