01-24-2007 03:17 PM - edited 03-10-2019 02:56 PM
I am using acs 4.0 for tacacs auth to network devices. I need to be able to force the password history to prevent users from using any of the previous 5 passwords. I see that there is an option to prevent from using the "last" one, but not 5. Can I overwrite this somewhere?
thanks -j
01-25-2007 02:17 AM
Hi,
The latest version of ACS (4.1) has new features specifically designed to address SOX issues:
"This release contains new ACS administrator permissions to improve password management and audit reports for regulatory compliance; for example, Sarbanes-Oxley (SOX). ACS includes the following capabilities for:"
Authentication:
* Forcing periodic change of administrator?s password.
* Applying password structure policy.
* Forcing administrator's password change for inactive account.
* Preventing the reuse of old password (password history).
* Disabling administrator accounts for inactivity.
* Disabling administrator accounts after failed logins.
* Allowing ACS administrators to change their own passwords.
Audit and Reporting:
* Logging all administrative actions via system logging (syslog), in addition to existing logging targets.
* Controlling administrators? access to log file configuration to prevent specific audit logging from being disabled.
* Adding new reports for administrators privileges.
Authorization:
* Providing a read-only privilege for users and groups.
HTH - plz rate if useful.
Andrew.
01-26-2007 12:55 AM
Hi
If you're looking at SOX compliance, please take a look at aaa-reports! We can import the ACS database to document your TACACS+ config.
Not only that, but we can run reports to show:
* What devices a user/group can access (via NARs)
* What commands a user/group can execute (via NDG->DCS mappings)
* User password/account statuses
* DCS/NAR references (ie which groups)
* Unreferenced DCS/NAR (ie redundant)
* Much more!
..and all that in addition to regular reports driven off accounting, passed/failed attempts etc
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide