09-24-2009 01:17 AM - edited 03-10-2019 04:42 PM
Hi All,
Can someone provide a solution for the below requirement?
We have an ACS 4.2 appliance managing firewalls of different clients. The users are common, i.e., helpdesk administrators. One of the clients came up with setting a different password policy for managing their devices, i.e., the client wants to have min 15 characters as password length. We currently have 8 characters as min password length. Can we change the password policy to min 15 characters only for managing the firewalls of this client, whereas for all other client firewalls we feel better to have 8 characters as min password length?
It seems that these password policies are global and affect all the users.
This is something like having two sets of password policy (for each user), depending on the client which he is going to manage.
To my knowledge, I think that this is not possible. But I thought to cross-check with experts!
-Jags.
09-24-2009 02:08 AM
With ACS you'd need multiple appliances and use TACACS/RADIUS proxy to forward specific requests to another ACS - with the appropriate password requirements.
If ACS was back-ending onto Windows you might be able to set up Windows per-group password policies?
09-24-2009 05:13 AM
Hi jags,
You're correct. Password policy on ACS will affect all internal users. We can't create different password policies for different clients/connections/set_of_users.
Password validation options apply only to user passwords that are stored in the ACS internal database. They do not apply to passwords in user records in external user databases; nor do they apply to enable or admin passwords for Cisco IOS network devices.
HTH
Regards,
JK