Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Local User Password Reset

I'm using an ASA 5510 with local user authentication for VPN access. Is there a method that I can use to prompt for user password changes after a given time? If not with local accounts, what other authentication methods may be available to prompt users for password changes and provide them with that capability?

My clients are using AnyConnect 2.3.2016 and the ASA is v 8.0(4)




Re: Local User Password Reset


Local passwords never expire so there is no way to force password changes using the local database. The good news is that it can be done using a AAA server like Cisco ACS. It can also map back to your domain or LDAP realms and use those user names & passwords!

Hope that helps.

New Member

Re: Local User Password Reset

Thanks for the response. I kind of thought that was going to be the case. Do you know of any security concerns that would lean a person one way or the other regarding radius vs ldap?

Thanks again

Re: Local User Password Reset

I would lean towards TACACs if you can. It encrypts the AAA packets whereas RADIUS creates a hash of them.

New Member

Re: Local User Password Reset

I'll look into it!

Thanks again for your response.

CreatePlease to create content