ACS 5.1 - Account expiration date

Unanswered Question
Aug 5th, 2010
User Badges:

Hello,


We just migrated to ACS 5.1.

With the old ACS I was able to set Account expiration dates, so Accounts automatically were set to disabled if the configured date was passed.

I just can't find that option with the new ACS 5.1? We use Local Database by the way.


Thanks for any help!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Cam Le Thu, 08/05/2010 - 08:53
User Badges:
  • Cisco Employee,

Hi Daniel,


You can configure this in ACS 5.1 for Administrator on the ACS 5.1 Web GUI at:

System Administration - Administrators - Settings - Authentication - Advanced tab - under Password Lifetime on the page.


For local users (regular users vs. Administrators), you can configure the password expiration on the ACS Web GUI as follows:

System Administration - Users - Authentication Settings - Advanced tab - under Password Lifetime: Disable user account after x days .... , and "Display reminder after x days.

When you create the local user (under Users and Identity Stores) - Internal Identity Stores - Users - Create, check the box "Change password on next login".


Hope it helps.


Regards,

Cam.

frama-CCO Thu, 08/05/2010 - 09:09
User Badges:

Hi Cam,


Thanks for your feedback.


I'm aware of that option, but it's not what I'm looking for.

With the old ACS I could configure that a account is disabled at 2010/12/31 for example. With the option you've mentioned I have always to calculate how many days must pass till date X. We often have to configure accounts with fixed expiration days, so this would be much more complicated (and error-prone) than the method with setting an expiration date.


Regards

Cam Le Thu, 08/05/2010 - 10:14
User Badges:
  • Cisco Employee,

Hi Daniel,


I see what you're saying: you'd like to set a specific date for the password expiration, instead of specifying how many days the password will still be valid. Unfortunately that is not available in ACS 5.x. If you have an account team, you can ask them to request a feature for you.


Regards,

Cam.

frama-CCO Fri, 08/06/2010 - 00:32
User Badges:

I also noticed that not even this method you suggested first is usable.


camle wrote:


For local users (regular users vs. Administrators), you can configure the password expiration on the ACS Web GUI as follows:

System Administration - Users - Authentication Settings - Advanced tab - under Password Lifetime: Disable user account after x days .... , and "Display reminder after x days.


This setting cannot be done per user, so it's not really an option.

I'm getting more and more disappointed of ACS 5.x...this is really a basic requirements, cannot believe something like that is not implemented. Same with FTP-Backup where you can't specify the FTP-Server Port...but that's another story...

Cam Le Fri, 08/06/2010 - 10:47
User Badges:
  • Cisco Employee,

Hi Daniel,


As stated earlier, if you have an account team, you can ask them to open a feature request on your behalf for this. Thanks.


Regards,

Cam.

Actions

This Discussion