Local User Password Reset

Oct 13th, 2009

I'm using an ASA 5510 with local user authentication for VPN access. Is there a method that I can use to prompt for user password changes after a given time? If not with local accounts, what other authentication methods may be available to prompt users for password changes and provide them with that capability?


My clients are using AnyConnect 2.3.2016 and the ASA is v 8.0(4)


Thanks,

Ken

Collin Clark Tue, 10/13/2009 - 13:10

Ken-


Local passwords never expire so there is no way to force password changes using the local database. The good news is that it can be done using a AAA server like Cisco ACS. It can also map back to your domain or LDAP realms and use those user names & passwords!


http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html


Hope that helps.

kmkrause2 Tue, 10/13/2009 - 13:14

Thanks for the response. I kind of thought that was going to be the case. Do you know of any security concerns that would lean a person one way or the other regarding RADIUS vs LDAP?


Thanks again

Collin Clark Tue, 10/13/2009 - 13:25

I would lean towards TACACS if you can. It encrypts the AAA packets whereas RADIUS creates a hash of them.
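
An added example, not part of the original thread, showing what each protocol protects on the wire: RADIUS hides only the User-Password attribute with an MD5-derived pad (RFC 2865, section 5.2), while TACACS+ applies its MD5 pad to the whole packet body (RFC 8907, section 4.5). Function names, the shared secret, the user name and the password are constructed for this sketch.

```python
import hashlib

def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: hide the User-Password value, 16 bytes at a time."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], _md5(secret, prev))
        out += prev
    return out

def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], _md5(secret, prev))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def radius_attributes(user: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Attribute section of an Access-Request as type, length, value triples."""
    hidden = radius_hide_password(password, secret, authenticator)
    return bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden

def tacacs_obfuscate(body: bytes, key: bytes, session_id: bytes, version: int, seq_no: int) -> bytes:
    """RFC 8907 section 4.5: XOR the whole body with an MD5 pad (same call reverses it)."""
    seed, pad, block = session_id + key + bytes([version, seq_no]), b"", b""
    while len(pad) < len(body):
        block = _md5(seed, block)
        pad += block
    return _xor(body, pad)

def demo():
    # All values below are constructed for this example.
    secret, user, pw = b"constructed-shared-secret", b"alice", b"constructed-pw"
    attrs = radius_attributes(user, pw, secret, bytes(range(16)))
    # TACACS+ authentication START body for PAP login: fixed fields, then user and data.
    body = bytes([1, 1, 2, 1, len(user), 0, 0, len(pw)]) + user + pw
    wire = tacacs_obfuscate(body, secret, b"\x00\x00\x00\x01", 0xC1, 1)
    return attrs, body, wire

if __name__ == "__main__":
    attrs, body, wire = demo()
    print("RADIUS user name readable on the wire:", b"alice" in attrs)
    print("TACACS+ user name readable on the wire:", b"alice" in wire)
```

Both schemes depend entirely on the strength and secrecy of the shared key, since the pad in each case is derived from MD5 over that key.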

kmkrause2 Wed, 10/14/2009 - 04:53

I'll look into it!


Thanks again for your response.
