09-11-2014 09:52 AM - edited 03-19-2019 08:36 AM
Hello Folks,
We would like to implement a procedure in order to be able to periodically change the Service User Account Password (once a year). First of all, is this a recommanded practice? If not, what are the inconveniences? If yes, could you please let me know what would be the best way of accomplishing this task. As Service Acount User, I am refering to AXLAPI_User, CER_AXLUser, CUCService etc....
Thanks,
MK
Solved! Go to Solution.
09-12-2014 07:05 AM
No, why would you see that???? CUCM really has no idea whatsoever what app is using it, to show you the name of the app.
If it registers something like CER, then you would see the registration of CTI RP/ports, then you would need to go and find out who owns the ip you see, but for example, CUACS does not register anything, and it still uses one user. They should have documented what each of the users does.
09-11-2014 11:46 AM
We have no official recommendation around that, it's pretty much up to you, or your customer's security policies.
The change is rather trivial, go to the user, change the pwd and save, that's it, then just make sure to change it anywhere else you're using it (CER, AC, etc)
09-11-2014 12:12 PM
Thanks Jaime,
This has been required by the management but I still can't understand why would we need to change those Application Users Password. Each of those users has many dependencies!!!! Is there any way that those credentials can be divuged to outside people?
Is there a way to automate this process from CM that asks for a password change once every 12 months?
Thanks,
MK
09-11-2014 04:06 PM
There is no way to automate the process.
09-12-2014 06:13 AM
Thanks George,
When I open the Application User (i.e. AXLAPI_User) and click on the Dependency Records, I was expecting to see a list of the servers using this Application User but it looks like this is not the case. How would that be possible to identify the associated applications with a given Application User?
Thanks,
MK
09-12-2014 07:05 AM
No, why would you see that???? CUCM really has no idea whatsoever what app is using it, to show you the name of the app.
If it registers something like CER, then you would see the registration of CTI RP/ports, then you would need to go and find out who owns the ip you see, but for example, CUACS does not register anything, and it still uses one user. They should have documented what each of the users does.
09-12-2014 07:30 AM
Thanks Jaime, your help is very much appreciated.
MK
09-12-2014 12:25 PM
One last question guys,
What would we gain by changing the Application Users Password? for me, it's just creating hassles for support people. Am I mistaken?
Thanks,
MK
09-12-2014 12:30 PM
Pretty much. :P
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide