Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACS Appliance - Local User Password Changing Options

I am configuring a pair of 1113 appliances running ACS 4.2. The client wants to only user local user accounts stored in the ACS database for AAA on devices and LMS and Ops Manager logins. There are configurable password aging settings for users and groups. The question that I have is how are the users notified that their passwords are expired and ow can they change them? The customer uses only ssh for device management. Is the UCP utility still a requirement if an appliance is used as opposed to a standard Windows ACS installation. I also came across this bug:

SCsj50218 Bug Details

Password expiry feature should be support for users local to ACS


ACS currently does not support password expiry / password management feature for locally configured users.


users are configured locally on ACS as opposed to an external database such as active directory.


user external database / server where user profiles are setup.


Re: ACS Appliance - Local User Password Changing Options

You are correct, ACS does currently not support local user password expiry.

The defect is actually : CSCsj50218

Re: ACS Appliance - Local User Password Changing Options

ACS supports Password Aging for Device-hosted Sessions-Users must be in the CiscoSecure user database, the AAA client must be running TACACS+, and the connection must use Telnet. You can control the ability of users to change passwords during a device-hosted Telnet session.

You can also control whether Cisco Secure ACS propagates passwords changed by this


UCP is used in both appliance and window.



Do rate helpful posts

Community Member

Re: ACS Appliance - Local User Password Changing Options

If configured, users are prompted to change their admin configured password through an ssh session when using the admin defined password.

CreatePlease to create content