09-22-2011 01:00 AM - edited 03-10-2019 06:25 PM
Hi,
I am looking for a solution for the following problem: we want to enable password lifetime for device administration (TACACS+) and to disable password lifetime for 802.1X RADIUS authentication with the local user database. With the old ACS 3.3 system it was possible to define this in every single user group. With ACS 5.1 you are only able to enable or disable password lifetime globally.
Any hints on this?
09-22-2011 03:56 AM
There is a solution available to disable password lifetime on a per-user basis.
You need to upgrade to ACS 5.2 and install cumulative patch 5.2.0.26.2 or higher, which includes the following enhancement:
CSCtk32178: Add an option for pass never expired for specific users
There are no new specific options you will see in the GUI for this feature. It is enabled by creating attributes for internal users.
This functionality is enabled as follows:
- In System Administration > Configuration > Dictionaries > Identity > Internal Users, add the Boolean attribute ACS-RESERVED-Never-Expired and set its default value to "false".
- Set this user attribute to be true in the internal user definitions of those users whose password should never expire.
There should be a PDF doc included together with the readme.
If you do upgrade to ACS 5.2 and install the patch, I recommend using the latest patch, since they are cumulative: 5.2.0.26.6
09-22-2011 04:20 AM
Very nice. I will upgrade to 5.2 and try if it works.
I suppose there are a lot more attributes. Are they documented somewhere?