Showing results for 
Search instead for 
Did you mean: 

ACS query

Jonn cos

Hi all.

We have dialup users that are connecting to our portal for uploading/downloading credit information. We are currently using ACS 3.3. There is a requirement that, initially we provide clients with their username/password, but we want to enforce the policy that when the user logs in first time, he should be prompted (forcefully) to change his password.

1) Can this be done in ACS 3.3. I know its outdated but if anyone knows then pls tell me

2) What solution shall be used in this case ? can it be done in ACS 5.3 ?

Kindly guide me

5 Replies 5

Jonn cos

pls someone

Cisco Employee
Cisco Employee

Hi John,

You can enable password expiry for the users that login for the first time so that they are asked to change their password when they login for the first time.

For this, you will have to enable 'Password Aging Rules' on the ACS (this is applied on a group basis).

To enable Password Aging Rules:

ACS > Group Setup > Select the group and click edit settings >Password Aging Rules > check the 'Apply password change rule' box

This will force the user to change the password on the first log-in after an administrator has changed it.

Please note that if you do not see the option 'Password Aging Rules', then you will have to enable it from:

Interface Configuration > Advanced Options > Group-Level Password Aging.

Just as an FYI, support for ACS 3.3 ended in 2009. Reference: EOS/EOL Notice for ACS 3.3:

ACS 5.3 also allows you to force users to change their password on the next login. In ACS 5.3 this setting is located on the users's password change page. To force a user to change their passwod on next login:

Users and Identity Stores > Internal Identity Stores >


Check the box next to the relevant username

Click the "Change Password" button

Check the box next to "Change password on next login"

Click the "Submit" button

Let me know if that helps.



Sir i will check it today. I just want to know one thing more. When you said that it will force the user to change the password on their first login, did you mean that it will give them any banner/prompt that they need to change the password or do we need to tell them manually (like via email or something)

Rising star
Rising star

Hi John,

It is very difficult and not so that handy when it comes for ACS 3.3 version.

You can refer the below document for password rules in ACS and its explainations..

Refer the below discussion about ACS 3.3 for VPN users Password rules which is well explained.

Hope this helps.

ACS 5.x version you can set this without any issues.

Please do rate if the given information helps.



Sir, when you said it can be done in ACS 5, then are you talking about forcefully prompt the user to change the password ?

Kindly let me know, and sorry for the delayed response

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: