One Time Login Password

daniel.pimentel · ‎12-18-2008

Is there a way I can set up a user in ACS, and put a temporary password. As soon as this user logs in into the first device (router, firewall, etc) The device will ask him to change the password. This is for Management Purposes and I'm using the Internal Database for this.

Thanks in advance, for your help.

didyap · ‎12-24-2008

No its not possible as use in ACS to set temporary password.

cisco24x7 · ‎12-24-2008

Having done this a few weeks ago, I can say that

YES, IT CAN BE DONE EASILY.

Step #1: Create a group called test. In this

group, you will see "Passing Aging Rules".

Underneath that, you will see a check box to

force the user to change the password on the

first log-in after an administrator has changed it.

Step #2: Create a user say "cciesec". You

then associate this user with group "test".

Step #3: Under System Configuration, Local

Password Management, un-check "Remote Change

Password". This will allow user to change

password anytime they wish.

Step #4: Restart ACS service, no need to

reboot.

With the correct IOS image, you can even

change password via SSH in addition to telnet.

[Expert@P1-NGx]# telnet 192.168.15.248

Trying 192.168.15.248...

Connected to 192.168.15.248.

Escape character is '^]'.

User Access Verification

Username: ngx1

Password:

Your password has expired.

Enter a new one now.

New Password:

Re-enter New password:

Password Changed

C3640>

Easy right?