[cisco-voip] CM Security password

Wes Sisk wsisk at cisco.com
Tue Jan 25 18:21:18 EST 2011


I believe this came with the CM 8.0 feature of security by default and 
automatically encrypted backups:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_0_1/secugd/secusbd.html#wp1092151

Encrypted backup depends on correct password to restore.  Before this 
you *may* be able to get by with mismatch passwords. I seem to recall it 
being possible but have not tested and cannot find documentation.

Regards,
Wes

On 1/25/2011 5:22 PM, Ed Leatherman wrote:
> Jason,
>
> Good call.. I checked on our system and no such message comes up when
> I kick off a manual backup (which doesn't mean it isn't the case
> though).
>
> I'm going to try to build this in the lab and see what happens with a
> production backup.. licenses won't work but that shouldn't matter to
> test this.
>
> I'm leaning towards changing the cluster password anyway to avoid any
> potential upgrade or hardware migration issues in the future.
>
>
>
> On Tue, Jan 25, 2011 at 11:00 AM, Jason Burns<burns.jason at gmail.com>  wrote:
>> The current CUCM 8.5.1 implementation of DRS prompts you with this message
>> before you start a backup:
>>
>> ============
>> The DRS Backup archive encryption depends on the current security password
>> (Provided at the time of install). During a restore, you could be prompted
>> to enter this security password if this password has been changed.
>> ============
>> So in that case you're hosed.
>> I'll have to check if that same behavior exists in 7.1.5.
>> On Sun, Jan 23, 2011 at 7:45 PM, Ed Leatherman<ealeatherman at gmail.com>
>> wrote:
>>> Hello,
>>>
>>> When doing a restore from backup, does the cluster security password
>>> get set from the backup files, or must it be set to match when you
>>> initially install CM on the hardware?
>>>
>>> The reason I ask is, we were going to replace publisher hardware this
>>> morning, but when we go to the step in the CM install (7.1.5) where
>>> you enter the cluster security password and used our current security
>>> password, it came back and said it was based on a dictionary word.
>>> Now.. i'm guessing CM is checking against the Klingon dictionary at
>>> this point, since the password is gibberish, and mostly special
>>> characters. The current cluster password was set when we first
>>> installed CM 5.
>>>
>>> Regardless.. if I install using some other password it accepts, and
>>> then restore the publisher from normal per the procedure - will the
>>> backup files restore the correct cluster security password, or am I
>>> stuck at this point with going around and changing the current
>>> password? Anyone else ever run into this?
>>>
>>> --
>>> Ed Leatherman
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>
>


More information about the cisco-voip mailing list