07-27-2020 05:50 AM - edited 07-27-2020 05:54 AM
Customer stated that for ISE 2.2 TACACS when they force the “change password at next login prompt” it only works when admin user connects to a device via telnet, not via SSH. These are local ISE accounts.
"The challenge customer is facing today is that when they force the “change password at next login prompt” it only works via telnet, and customer is retiring Telnet."
They are on 2.2 and the question is if this is now possible in ISE 2.7?
Thanks in advance!
07-29-2020 05:13 PM
Hi @greschol
It should work in ISE 2.7. I have this working in ISE 2.4 patch 8
I toggled the admin account shown below to force password change and when I did an SSH to the Cisco device below using TACACS+, the device prompts me to change my password.
My settings below (I only customised the TACACS username prompts that the user will see)
I have not changed any of the settings below. It says "telnet" and I have not tried modifying the prompts - that's the part that might not work in SSH - but it's not a big deal if you can't customize the prompts - the prompts for SSH are fine as far as I am concerned.
I did an SSH to the switch below and this was the result:
08-09-2023 10:58 PM
Hello Team,
Does this feature “change password at next login prompt” also works for Fortigate firewall?
Regards,
Amit Poojary
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide