cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
616
Views
0
Helpful
2
Replies

Different Password Policy for Different User Groups in ACS 4.2

jagadeeshan.s
Level 1
Level 1

Hi All,

Can some one provide a solution for the below requirement?

We do have ACS 4.2 appliance managing firewalls of different clients. The users are common i.e, helpdesk administrators. One of the client came up with setting different password policy for managing their devices i.e, the client wants to have min 15 characters as password length. We do have currently 8 characters as min password length. Can we change the password policy to min 15 characters only for managing the firewalls of this client whereas for all other client firewalls we feel better to have 8 characters as min password length?

It seems that these password policies are global & affects all the users.

This is something like, having two sets of password (for each user) policy depending on the client which he is going to manage.

For my knowledge, i think that this is not possible. But, thought to cross-check with experts!

-Jags.

2 Replies 2

darpotter
Level 5
Level 5

With ACS you'd need multiple appliances and use TACACS/RADIUS proxy to forward specific requests to another ACS - with the appropriate password requirements.

If ACS was back-ending onto Windows you might be able to set up windows per-group password policies?

Hi jags,

Yor're correct. Password policy on ACS will affect all internal user. We can't create different password policies for diferent clients/connections/set_of_users

Password validation options apply only to user passwords that are stored in the ACS internal database. They do not apply to passwords in user records in external user databases; nor do they apply to enable or admin passwords for Cisco IOS network devices.

HTH

Regards,

JK

~Jatin
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: