Never disable account in ACS 5.x

raydo_cisco · ‎02-17-2013

Hi,

I'm currently setting my ACS 5.x for oridinary person to disable account if password not changed for certain date, But some VIP accounts need to exclude from this condition, any solution? Thanks in adv.

raydo_cisco · ‎02-17-2013

and, how do I display the password lifttime of individual user? any CLI, or monitor tools ?

Jatin Katyal · ‎02-17-2013

Looks like you're talking about the below listed option under system administration >> users >> authenticating settings >> advanced.

Password Lifetime

Users can be required to periodically change password


	If password not changed after		days :
	Disable user account

Unfortunately, this is not supported in the current ACS code. This is a global setting which will be apllied to all users and groups without any exception. If you need this featute, you need to contact your cisco accounts team.

Regards,

Jatin Katyal

- Do rate helpful posts -

Password Lifetime

Users can be required to periodically change password


	If password not changed after		days :
	Disable user account
	Expire the password

	Display reminder after		days

~Jatin

raydo_cisco · ‎02-18-2013

Thx for your reply. Then, I'll change to use expire password with identity "ACS-Reserved-Never-Expired" instead. But is there any cli / report that can show password lifetime of individual users ?