Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
4
Helpful
2
Replies

How to set Password History in ACS? Sarbanes-Ox...

jdean1
Level 1
Level 1

‎01-24-2007 03:17 PM - edited ‎03-10-2019 02:56 PM

I am using acs 4.0 for tacacs auth to network devices. I need to be able to force the password history to prevent users from using any of the previous 5 passwords. I see that there is an option to prevent from using the "last" one, but not 5. Can I overwrite this somewhere?

thanks -j

Labels:
0 Helpful
2 Replies 2

andrew.burns
Level 7
Level 7

‎01-25-2007 02:17 AM

Hi,

The latest version of ACS (4.1) has new features specifically designed to address SOX issues:

"This release contains new ACS administrator permissions to improve password management and audit reports for regulatory compliance; for example, Sarbanes-Oxley (SOX). ACS includes the following capabilities for:"

Authentication:

* Forcing periodic change of administrator?s password.

* Applying password structure policy.

* Forcing administrator's password change for inactive account.

* Preventing the reuse of old password (password history).

* Disabling administrator accounts for inactivity.

* Disabling administrator accounts after failed logins.

* Allowing ACS administrators to change their own passwords.

Audit and Reporting:

* Logging all administrative actions via system logging (syslog), in addition to existing logging targets.

* Controlling administrators? access to log file configuration to prevent specific audit logging from being disabled.

* Adding new reports for administrators privileges.

Authorization:

* Providing a read-only privilege for users and groups.

HTH - plz rate if useful.

Andrew.

darpotter
Level 5
Level 5

‎01-26-2007 12:55 AM

Hi

If you're looking at SOX compliance, please take a look at aaa-reports! We can import the ACS database to document your TACACS+ config.

Not only that, but we can run reports to show:

* What devices a user/group can access (via NARs)

* What commands a user/group can execute (via NDG->DCS mappings)

* User password/account statuses

* DCS/NAR references (ie which groups)

* Unreferenced DCS/NAR (ie redundant)

* Much more!

..and all that in addition to regular reports driven off accounting, passed/failed attempts etc

http://www.extraxi.com/aaa-reports.htm

0 Helpful
Customers Also Viewed These Support Documents