Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Password Policy for administrators in ACS 4.1

Dear

In ACS, I want to know if i set the following password lifetime option under password policy for administrators under administration control then will
that change be applicable to all local administrators or it will be applicable to only default administrator (ACSAdmin)

If i set the number of days for 10 days then what will happend after passing 10th day..

Will the ACS give the option to change the password when i try to login after 10th day ?
Will it give the option on the main ACS login page.


password Liftetime Options
*******************************

The password will require change after 10 days

20 REPLIES
Cisco Employee

Password Policy for administrators in ACS 4.1

Yes, it will be applicable to all administrators created on ACS. Yes, after passing 10th day, you will be prompted to change the password on ACS login screen.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Password Policy for administrators in ACS 4.1

Thanks Jatin

Can i hve some document which is mentioning that changes in Password lifetime options is applicable to all manually created administrators and default administrator (ACSAdmin) as well.

1) Will that change be applicable to default administrator (ACSAdmin) ?

2) Will it that change be applicable to TACACS users as well.

Cisco Employee

Password Policy for administrators in ACS 4.1

Here is a link

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Admin.html#wp703514

Since it's a global change so it will be applicable to all admin accounts.

So the administrator password policy only affects ACS administrator accounts. It has nothing to do with Tacacs users.

I'll try to recreate when exactly we see the option to change password and let you know.

Are you running ACS windows or ACS appliance?

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Password Policy for administrators in ACS 4.1

I m using the ACS appliance with version 4.1.

Can you please send me the snap shot once you will recreate it.

I have created some administrators under administration control like (user1, user2, user3 etc) and one is default administrator (ACSAdmin).... Can you also please test to check whether this change is applicable to all manually created administrator accounts and default admin account (ACSAdmin)

Cisco Employee

Password Policy for administrators in ACS 4.1

Sure. I will update you

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Password Policy for administrators in ACS 4.1

Dear Jatin

Did u get a chance to test the following

Can you also please test to check whether this change is applicable to all manually created administrator accounts and default admin account (ACSAdmin)

I'll try to recreate when exactly we see the option to change password and let you know.

New Member

Password Policy for administrators in ACS 4.1

Dear Jatin

It is not specifically mentioned in the below link that  password policy (password Liftetime Options) are applicable to manually created account and default administrator account (ACSAdmin)

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user

Cisco Employee

Password Policy for administrators in ACS 4.1

HI Farooq,

I will try and update this thread today.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Password Policy for administrators in ACS 4.1

hi

Did u get a chance to test

Sent from Cisco Technical Support iPhone App

Cisco Employee

Re: Password Policy for administrators in ACS 4.1

HI Farooq,

I have made some changes in the password policy section and set the password to be xpired after 1 day. I will be able to update you by tomorrow.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Password Policy for administrators in ACS 4.1

ok. I will wait for the update

Sent from Cisco Technical Support iPhone App

New Member

Re: Password Policy for administrators in ACS 4.1

Dear jatin

Did u test it ?


Sent from Cisco Technical Support iPhone App

New Member

Re: Password Policy for administrators in ACS 4.1

dear Jatin

Did u get a chance to test it

Sent from Cisco Technical Support iPhone App

Cisco Employee

Re: Password Policy for administrators in ACS 4.1

sorry I forgot to update you.          

yes Farooq, that's a global change and would be applicable for all the administrator.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Password Policy for administrators in ACS 4.1

Dear Jatin

Thanks for the response.

Did u peform the testing ? Did u check the local administrator (ACSAdmin) whether the password policy is applicable to this account....

Cisco Employee

Re: Password Policy for administrators in ACS 4.1

Hi Farooq,

Yes, I did recreate in my lab setup on acs 4.2.1.15

I would also like to add there is no default administrator for GUI access when you talk about ACS 4.2. If you want to access ACS 4.2.x remotely from a different computer, you first have to create an admin account on ACS.

The concept of default ACS gui administrator introduced in ACS 5.x where the default administrator username is acsadmin and password is default.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Password Policy for administrators in ACS 4.1

Dear Jatin

I have ACS v 4.2.0 and it has defaultt administrator named ACSAdmin (Appliance Administrator)

Cisco Employee

Re: Password Policy for administrators in ACS 4.1

In case of ACS appliance version 4.2.0, the only default username and password cisco documented is CLI credentials.

ACS SE APPLIANCE CLI DEFAULT USERNAME AND PASSWORD.

Username: Administrator

Password: setup

In order to access GUI, there is no default username and password. It needs to be setup from ACS SE CLI. In your case someone must have created that account through CLI. If you need more clarification, you may read the below listed document that talks about the same.

Setting Up a GUI Administrator Account

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/instalap.html#wp1117461

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

Re: Password Policy for administrators in ACS 4.1

Farooq,

Let me show the same in documentation as well.

These policies influence all account logins.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Admin.html#wp733971

Even if we check "account never expire" on the specific administrator account, you can override the lockout options but password change policy remains in effect.

Account Never Expires


Prevents account lockout by overriding the lockout options on the  Administrator Password Policy page with the exception of manual lockout.  Therefore, the account never expires but password change policy remains  in effect. The default value is unchecked (disabled).

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Admin.html#wp703521

~BR

Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

Re: Password Policy for administrators in ACS 4.1

I hope that answered your question Farooq.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
932
Views
0
Helpful
20
Replies