I am managing a local cisco ACS 3.3.4 for cisco device logon. And, I have used the automatic password change feature on Cisco ACS tacacs server for a long time (ie Group Setup -> Select Group -> Edit Setting -> Password Aging Rules -> Apply age-by-date rules). It did work perfectly when telnet protocol was used in cisco IOS router/ switch. The ACS server will prompt me to change password every defined period.
However, the problem happened when I changed to use SSH protocol and disable Telnet in all cisco IOS router/ switch. It still prompts me to change password in defined period. But, it turned out that the password was not actually changed and even caused the account disabled in ACS server. How can I resolve this ACS server automatic password change issue when using SSH in cisco router?