cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1609
Views
5
Helpful
2
Replies

Password lifetime

acontes
Level 1
Level 1

Hi,

i am looking for a solution for the following problem: we want to enable password lifetime for device administration (tacacs+) and to disable password lifetime for 802.1x radius authentication with local user database. with the old acs 3.3 system it was possible to define this in every single user group. with acs 5.1  you are only able to enable oder disable password lifetime globally.

any hints on this?

2 Replies 2

jrabinow
Level 7
Level 7

There is a solution available to disable password lifetime on a per user basis

Need to upgrade to ACS 5.2 and install cummulative patch 5.2.0.26.2 patch or higher that includes the following enhancement

CSCtk32178: Add an option for pass never expired for specific users

There are no new specific options you will see in the GUI for this feature. It is enabled by creating attributes for internal users

This functionality is enabled as follows:

- In : System Administration > Configuration > Dictionaries > Identity > Internal Users add Boolean attribute ACS‐RESERVED‐Never‐Expired and set its default value to "false".

- Set this user attribute to be true in the internal user definitions of those users whose password should never expire.

There should be a pdf doc included together with the readme

If you do upgrade t ACS 5.2 and install the patch I recommend to utilize the latest patch since they are cummulative: 5.2.0.26.6

Very nice. I will upgrade to 5.2 and try if it works.

I suppose there are a lot more attributes. Are they somewhere documented?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: