Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.1 - Account expiration date

Hello,

We just migrated to ACS 5.1.

With the old ACS I was able to set Account expiration dates, so Accounts automatically were set to disabled if the configured date was passed.

I just can't find that option with the new ACS 5.1? We use Local Database by the way.

Thanks for any help!

5 REPLIES
Cisco Employee

Re: ACS 5.1 - Account expiration date

Hi Daniel,

You can configure this in ACS 5.1 for Administrator on the ACS 5.1 Web GUI at:

System Administration - Administrators - Settings - Authentication - Advanced tab - under Password Lifetime on the page.

For local users (regular users vs. Administrators), you can configure the password expiration on the ACS Web GUI as follows:

System Administration - Users - Authentication Settings - Advanced tab - under Password Lifetime: Disable user account after x days .... , and "Display reminder after x days.

When you create the local user (under Users and Identity Stores) - Internal Identity Stores - Users - Create, check the box "Change password on next login".

Hope it helps.

Regards,

Cam.

New Member

Re: ACS 5.1 - Account expiration date

Hi Cam,

Thanks for your feedback.

I'm aware of that option, but it's not what I'm looking for.

With the old ACS I could configure that a account is disabled at 2010/12/31 for example. With the option you've mentioned I have always to calculate how many days must pass till date X. We often have to configure accounts with fixed expiration days, so this would be much more complicated (and error-prone) than the method with setting an expiration date.

Regards

Cisco Employee

Re: ACS 5.1 - Account expiration date

Hi Daniel,

I see what you're saying: you'd like to set a specific date for the password expiration, instead of specifying how many days the password will still be valid. Unfortunately that is not available in ACS 5.x. If you have an account team, you can ask them to request a feature for you.

Regards,

Cam.

New Member

Re: ACS 5.1 - Account expiration date

I also noticed that not even this method you suggested first is usable.

camle wrote:

For local users (regular users vs. Administrators), you can configure the password expiration on the ACS Web GUI as follows:

System Administration - Users - Authentication Settings - Advanced tab - under Password Lifetime: Disable user account after x days .... , and "Display reminder after x days.

This setting cannot be done per user, so it's not really an option.

I'm getting more and more disappointed of ACS 5.x...this is really a basic requirements, cannot believe something like that is not implemented. Same with FTP-Backup where you can't specify the FTP-Server Port...but that's another story...

Cisco Employee

Re: ACS 5.1 - Account expiration date

Hi Daniel,

As stated earlier, if you have an account team, you can ask them to open a feature request on your behalf for this. Thanks.

Regards,

Cam.

1166
Views
0
Helpful
5
Replies