To configure the password expiry, please follow these steps : - On the ACS server, system configurations > Local Password Managment > uncheck the check box " Disable Telnet Change Password against the ACS ". Now on the group setup set up the password aging parameters.
To support password-aging using Windows active directory we need to have AAA client configured for radius.
Below link gives more information on this.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/g.htm#wp479732
For password expiry to work with tacacs we need to have the username and passwords configured locally on the ACS server.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/o.htm#wp792652
Regards,
~JG
Do rate helpful posts