Cisco Support Community

New Member

Different Password Policy for Different User Groups in ACS 4.2

Hi All,

Can someone provide a solution for the below requirement?

We have an ACS 4.2 appliance managing firewalls of different clients. The users are common, i.e., helpdesk administrators. One of the clients came up with a requirement to set a different password policy for managing their devices, i.e., the client wants to have min 15 characters as password length. We currently have 8 characters as min password length. Can we change the password policy to min 15 characters only for managing the firewalls of this client, whereas for all other client firewalls we feel better to have 8 characters as min password length?

It seems that these password policies are global and affect all the users.

This is something like having two sets of password policy (for each user), depending on the client which he is going to manage.

To my knowledge, I think that this is not possible. But I thought to cross-check with experts!



Re: Different Password Policy for Different User Groups in ACS 4

With ACS you'd need multiple appliances and use TACACS/RADIUS proxy to forward specific requests to another ACS - with the appropriate password requirements.

If ACS was back-ending onto Windows you might be able to set up Windows per-group password policies?

Cisco Employee

Re: Different Password Policy for Different User Groups in ACS 4

Hi jags,

You're correct. Password policy on ACS will affect all internal users. We can't create different password policies for different clients/connections/set_of_users.

Password validation options apply only to user passwords that are stored in the ACS internal database. They do not apply to passwords in user records in external user databases; nor do they apply to enable or admin passwords for Cisco IOS network devices.




~BR Jatin Katyal **Do rate helpful posts**