We have a customer that would like to allow password expiry when they connect to an ASA firewall over an SSL VPN. The ASA will authenticate users using RADIUS back to the ACS 5.0 Express appliance which in turn would integrate in with AD, if a users password has expired I want them to be able to change it through the SSL VPN portal. The ASA will support RADIUS with Expiry, not sure about ACS 5.0 Express.
Another example; I login to a router and if my AD password is expired I could actually change it at the router command prompt (using TACACS+, but I know RADIUS will work this way as well in 4.2).
The main reason I ask is that ACS 5.0 has some limitations.
Do you know if ACS 5.0 Express has this functionality?