cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1867
Views
0
Helpful
5
Replies

ACS 5.1 - Account expiration date

frama-CCO
Level 1
Level 1

Hello,

We just migrated to ACS 5.1.

With the old ACS I was able to set Account expiration dates, so Accounts automatically were set to disabled if the configured date was passed.

I just can't find that option with the new ACS 5.1? We use Local Database by the way.

Thanks for any help!

5 Replies 5

Cam Le
Cisco Employee
Cisco Employee

Hi Daniel,

You can configure this in ACS 5.1 for Administrator on the ACS 5.1 Web GUI at:

System Administration - Administrators - Settings - Authentication - Advanced tab - under Password Lifetime on the page.

For local users (regular users vs. Administrators), you can configure the password expiration on the ACS Web GUI as follows:

System Administration - Users - Authentication Settings - Advanced tab - under Password Lifetime: Disable user account after x days .... , and "Display reminder after x days.

When you create the local user (under Users and Identity Stores) - Internal Identity Stores - Users - Create, check the box "Change password on next login".

Hope it helps.

Regards,

Cam.

Hi Cam,

Thanks for your feedback.

I'm aware of that option, but it's not what I'm looking for.

With the old ACS I could configure that a account is disabled at 2010/12/31 for example. With the option you've mentioned I have always to calculate how many days must pass till date X. We often have to configure accounts with fixed expiration days, so this would be much more complicated (and error-prone) than the method with setting an expiration date.

Regards

Hi Daniel,

I see what you're saying: you'd like to set a specific date for the password expiration, instead of specifying how many days the password will still be valid. Unfortunately that is not available in ACS 5.x. If you have an account team, you can ask them to request a feature for you.

Regards,

Cam.

I also noticed that not even this method you suggested first is usable.

camle wrote:

For local users (regular users vs. Administrators), you can configure the password expiration on the ACS Web GUI as follows:

System Administration - Users - Authentication Settings - Advanced tab - under Password Lifetime: Disable user account after x days .... , and "Display reminder after x days.

This setting cannot be done per user, so it's not really an option.

I'm getting more and more disappointed of ACS 5.x...this is really a basic requirements, cannot believe something like that is not implemented. Same with FTP-Backup where you can't specify the FTP-Server Port...but that's another story...

Hi Daniel,

As stated earlier, if you have an account team, you can ask them to open a feature request on your behalf for this. Thanks.

Regards,

Cam.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: