<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Thorsten,<br>
<br>
Nice investigation and you got so very close to the answer.<br>
In CM5.x and 6.x "Credential Policy" was introduced just for this.
From the CM6.1 data dictionary:<br>
<a class="moz-txt-link-freetext" href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/datadict/6_1_1/dd_611.pdf">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/datadict/6_1_1/dd_611.pdf</a><br>
<br>
we find the credentialhistory table that captures when each user last
changed their password:<br>
<br>
<tt>admin:run sql select first 1 * from enduser<br>
pkid assocpc firstname middlename
lastname userid manager department telephonenumber tku<br>
serlocale mailid status facsimiletelephonenumber mobile pager homephone
title building site fkdirectorypluginconfig uniq<br>
ueidentifier nickname deletedtimestamp passwordreverse
fkmatrix_presence tkuserprofile fkcallingsearc<br>
hspace_restrict allowcticontrolflag enablemobilevoice
maxdeskpickupwaittime enablemobility remotedestinationlimit<br>
==================================== ======= ========= ==========
======== ====== ======= ========== =============== ===<br>
========= ====== ====== ======================== ====== ===== =========
===== ======== ==== ======================= ====<br>
============ ======== ================ ===============
==================================== ============= ==============<br>
=============== =================== =================
===================== ============== ======================<br>
61c1002c-2ea5-4a92-e1c8-8b1be0918523 wes
sisk wsisk 1<br>
1
NULL<br>
NULL
ad243d17-98b4-4118-8feb-5ff2e1b781ac 1 NULL<br>
t f
10000 f 4<br>
<br>
admin:run sql select first 1 * from credentialhistory where fkenduser
like '%8523'<br>
pkid changeid
fkenduser fkapplicationuser tkcredential
creden<br>
tials timechanged<br>
==================================== ========
==================================== ================= ============
======<br>
================================== ===========<br>
1d27508e-73f5-440c-a5c4-94a5bc37e5d1 1
61c1002c-2ea5-4a92-e1c8-8b1be0918523 NULL 4
2fa694<br>
ffcd062c1e9a45a68cadf5a83facc2d7c9 1192218565<br>
<br>
/Wes<br>
</tt><br>
<a class="moz-txt-link-abbreviated" href="mailto:Thorsten.Mayr@barclayscapital.com">Thorsten.Mayr@barclayscapital.com</a> wrote:
<blockquote
cite="mid:568BC086983B9544993FA5104CF68E1A03004F41@LDNPCMEU304VEUA.INTRANET.BARCAPINT.COM"
type="cite">
<pre wrap="">admin:run sql select first * from enduser
Must have been mistyping it... looking at the systable confirmed this
existed...
But seems like no timestamp on the password, only on the overall enduser
- unless there is a "crossreference" which I am not aware of?
Apologies, could have figured that one out before, but am not really a
database person.
Thx anyway ;)
T
</pre>
<blockquote type="cite">
<pre wrap="">-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>
[<a class="moz-txt-link-freetext" href="mailto:cisco-voip-bounces@puck.nether.net">mailto:cisco-voip-bounces@puck.nether.net</a>] On Behalf Of
Mayr, Thorsten: IT (LDN)
Sent: Friday, May 09, 2008 10:05 AM
To: <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
Subject: [cisco-voip] cdrtime for password changes cucm 5.1.2.x
A question for audit purposes...
I have to prove that passwords are being changed/have been
changed in a non AD integrated CUCM environment for all admin
accounts... Usual story..
I was wondering if there was a timestamp for password
changes/updates/last touch... in the database on 5.1.2?
Or is there only one general timestamp assigned to the "user/account"
which counts for all updates to it ):
As Wes once pointed out there is a hidden timestamp called
cdrtime... I am sure we are not the first ones being audited
on CUCM...
What have you guys done to produce audit trails?
We have requested an audit functionality as a new feature.
Thanks
Thorsten
PS: I wasn't inventive enough to figure out the name of the
table-,column-, name for application/end user accounts -
hence wasn't able to check it out myself
_______________________________________________
This e-mail may contain information that is confidential,
privileged or otherwise protected from disclosure. If you are
not an intended recipient of this e-mail, do not duplicate or
redistribute it by any means. Please delete it and any
attachments and notify the sender that you have received it
in error. Unless specifically indicated, this e-mail is not
an offer to buy or sell or a solicitation to buy or sell any
securities, investment products or other financial product or
service, an official confirmation of any transaction, or an
official statement of Barclays. Any views or opinions
presented are solely those of the author and do not
necessarily represent those of Barclays. This e-mail is
subject to terms available at the following link:
<a class="moz-txt-link-abbreviated" href="http://www.barcap.com/emaildisclaimer">www.barcap.com/emaildisclaimer</a>. By messaging with Barclays
you consent to the foregoing. Barclays Capital is the
investment banking division of Barclays Bank PLC, a company
registered in England (number 1026167) with its registered office
at 1 Churchill Place, London, E14 5HP. This email may
relate to or be sent from other members of the Barclays Group.
_______________________________________________
_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
</blockquote>
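<p>Added example, not part of the original thread and not Cisco's own tooling: it turns the enduser/credentialhistory lookup described above into a per-account password-age report for an audit. It assumes timechanged is Unix epoch seconds in UTC; the join query in the comment, the jdoe rows, the audit date and the 180-day limit are constructed for illustration.</p>
<pre>
```python
import re
from datetime import datetime, timezone

# Assumed CLI query (typed as one line), built only from columns visible in the thread:
#   run sql select e.userid, c.tkcredential, c.timechanged
#     from credentialhistory c inner join enduser e on c.fkenduser = e.pkid
# Constructed sample output in the CLI's ruler layout. Only wsisk's
# tkcredential 4 / timechanged 1192218565 come from the thread.
SAMPLE = """\
userid   tkcredential timechanged
======== ============ ===========
wsisk    4            1192218565
wsisk    4            1180000000
jdoe     3            1150000000
jdoe     4            1209000000
"""

def parse_cli_table(text):
    """Slice rows at the column starts given by the ==== ruler line."""
    lines = [l for l in text.splitlines() if l.strip()]
    r = next(i for i, l in enumerate(lines) if not set(l) - set("= "))
    starts = [m.start() for m in re.finditer(r"=+", lines[r])]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [lines[r - 1][a:b].strip() for a, b in bounds]
    return [dict(zip(names, (l[a:b].strip() for a, b in bounds)))
            for l in lines[r + 1:]]

def last_changes(rows):
    """Newest timechanged per (userid, tkcredential); history has many rows."""
    latest = {}
    for row in rows:
        key = (row["userid"], int(row["tkcredential"]))
        latest[key] = max(latest.get(key, 0), int(row["timechanged"]))
    return latest

def audit(latest, as_of, max_age_days):
    """List (userid, tkcredential, UTC change date, age in days, overdue)."""
    report = []
    for (user, cred), ts in sorted(latest.items()):
        # Assumption: timechanged holds Unix epoch seconds (UTC).
        changed = datetime.fromtimestamp(ts, tz=timezone.utc)
        age = (as_of - changed).days
        report.append((user, cred, changed.date().isoformat(), age,
                       age > max_age_days))
    return report

# Constructed audit date and policy limit.
REPORT = audit(last_changes(parse_cli_table(SAMPLE)),
               datetime(2008, 5, 9, tzinfo=timezone.utc), 180)
```
</pre>
<p>Each tuple in REPORT is one account and credential type with its most recent change; the final field marks entries older than the limit.</p>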
</body>
</html>