Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACS 5.1 Password rules settings per internal User

Hi

I am looking for a way how to set the password-rules for individually for for some users or identity-groups.

I just can find the global settings

Background of the requirement: We want to use password-aging for most admin-users, for some we dont want that pw expires

(e.g. NMS-Users ect)

Thx

Hubert

Everyone's tags (2)
10 REPLIES
New Member

Re: ACS 5.1 Password rules settings per internal User

Hi,

I dont see any way you can do that per use level, the only place where  you can change authentication settings is :

System Administration > Users > Authentication Settings


and thats appliacable to all users

Thanks

Waris Hussain.

New Member

Re: ACS 5.1 Password rules settings per internal User

Hi,

sorry to raise this old thread but... we have the same requirement - to be able to tune password rules settings for specific user accounts.

I would call this a feature request... Can we have a comment if this feature is ever likely to appear in future ACS releases?

Thanks.

Cisco Employee

Re: ACS 5.1 Password rules settings per internal User

Hi,

Yes this would be considered as PER.

Currently there are no plans for this to be implemented for specifc accounts only, it is possible though in a global way.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Gold

Re: ACS 5.1 Password rules settings per internal User

You can disable password aging for specific users

Need to upgrade to ACS 5.2 and install cummulative patch 5.2.0.26.2 patch or higher that includes the following enhancement

CSCtk32178: Add an option for pass never expired for specific users

There are other threads on this subject that provide more details. When install the patch it includes a document that defines how to configure this

If need more details let me know

New Member

Re: ACS 5.1 Password rules settings per internal User

unfortunately this bug is not visible,

do you know when this Patch will be available ?

CSCtk32178 Bug Details

This bug ID CSCtk32178 currently has no detailed information associated with it. Please add this bug ID to your watch group, which will notify our system administrators of your interest in this bug. Bug Toolkit will then notify you of any changes to this bug in the future.

Gold

Re: ACS 5.1 Password rules settings per internal User

Patch is already available and can be downloaded from CCO (need to upgrade to ACS 5.2 first)

New Member

Re: ACS 5.1 Password rules settings per internal User

Hi, I did an upgrade to

Version : 5.2.0.26.3


Company Name : customer

User : hresch
Internal Build ID : B.3075

Patches :

5-2-0-26-1
5-2-0-26-2
5-2-0-26-

but I cannot see any change in the User-configuration, now way to set that password never expires or so ?

KR

Hubert

Gold

Re: ACS 5.1 Password rules settings per internal User

There are no new specific options you will see in the GUI. It is enabled by created attributes for internal users

This functionality is enabled as follows:

- In : System Administration > Configuration > Dictionaries > Identity > Internal Users add Boolean attribute ACSRESERVEDNeverExpired and set its default value to "false".

- Set this user attribute to be true in the internal user definitions of those users whose password should never expire.

There should be a pdf doc included together with the readme

New Member

Re: ACS 5.1 Password rules settings per internal User

Thanks a lot now it works! Great !

Btw is there a way to do this as well for the administrative users ?

KR

Hubert

Gold

Re: ACS 5.1 Password rules settings per internal User

This specific mechanism does not apply to administrators.

However, administrative accounts already have the followig option that can be selected

:

Overwrites account blocking in case password expired, account inactivity
period reached or admin exhausted permitted failed attempt

961
Views
0
Helpful
10
Replies
CreatePlease to create content