Local User Password Reset

kmkrause2
Level 1

I'm using an ASA 5510 with local user authentication for VPN access. Is there a method that I can use to prompt for user password changes after a given time? If not with local accounts, what other authentication methods may be available to prompt users for password changes and provide them with that capability?

My clients are using AnyConnect 2.3.2016 and the ASA is v 8.0(4)

Thanks,

Ken


Collin Clark
VIP Alumni

Ken-

Local passwords never expire so there is no way to force password changes using the local database. The good news is that it can be done using a AAA server like Cisco ACS. It can also map back to your domain or LDAP realms and use those user names & passwords!

http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html

Hope that helps.

Thanks for the response. I kind of thought that was going to be the case. Do you know of any security concerns that would lean a person one way or the other regarding RADIUS vs LDAP?

Thanks again

I would lean towards TACACS if you can. It encrypts the AAA packets whereas RADIUS creates a hash of them.

I'll look into it!

Thanks again for your response.