ISE Device Admin "password change at next login"

greschol
Cisco Employee

The customer stated that for ISE 2.2 TACACS, when they force the “change password at next login prompt”, it only works when an admin user connects to a device via Telnet, not via SSH. These are local ISE accounts.

 

"The challenge customer is facing today is that when they force the “change password at next login prompt” it only works via telnet, and customer is retiring Telnet."

 

They are on 2.2 and the question is if this is now possible in ISE 2.7?

 

Thanks in advance!

 

2 Replies

Arne Bier
VIP

Hi @greschol 

 

It should work in ISE 2.7. I have this working in ISE 2.4 patch 8.

I toggled the admin account shown below to force password change and when I did an SSH to the Cisco device below using TACACS+, the device prompts me to change my password. 

 

My settings are below (I only customised the TACACS username prompts that the user will see).

 

ise-tac1.PNG

 

 

 

I have not changed any of the settings below. It says "telnet" and I have not tried modifying the prompts - that's the part that might not work in SSH - but it's not a big deal if you can't customize the prompts - the prompts for SSH are fine as far as I am concerned.

 

ise-tac2.PNG

 

I did an SSH to the switch below and this was the result:

 

TACACS-pwd-renew.png

Hello Team,

Does this feature “change password at next login prompt” also work for a Fortigate firewall?

 

Regards,

Amit Poojary