Re: Password Policy for administrators in ACS 4.1 - Page 2

Farooq Razzaque · ‎10-02-2013

Dear

In ACS, I want to know if i set the following password lifetime option under password policy for administrators under administration control then will
that change be applicable to all local administrators or it will be applicable to only default administrator (ACSAdmin)

If i set the number of days for 10 days then what will happend after passing 10th day..

Will the ACS give the option to change the password when i try to login after 10th day ?
Will it give the option on the main ACS login page.

password Liftetime Options
*******************************

The password will require change after 10 days

Farooq Razzaque · ‎10-17-2013

Dear Jatin

Thanks for the response.

Did u peform the testing ? Did u check the local administrator (ACSAdmin) whether the password policy is applicable to this account....

Jatin Katyal · ‎10-17-2013

Hi Farooq,

Yes, I did recreate in my lab setup on acs 4.2.1.15

I would also like to add there is no default administrator for GUI access when you talk about ACS 4.2. If you want to access ACS 4.2.x remotely from a different computer, you first have to create an admin account on ACS.

The concept of default ACS gui administrator introduced in ACS 5.x where the default administrator username is acsadmin and password is default.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Farooq Razzaque · ‎10-17-2013

Dear Jatin

I have ACS v 4.2.0 and it has defaultt administrator named ACSAdmin (Appliance Administrator)

Jatin Katyal · ‎10-18-2013

In case of ACS appliance version 4.2.0, the only default username and password cisco documented is CLI credentials.

ACS SE APPLIANCE CLI DEFAULT USERNAME AND PASSWORD.

Username: Administrator

Password: setup

In order to access GUI, there is no default username and password. It needs to be setup from ACS SE CLI. In your case someone must have created that account through CLI. If you need more clarification, you may read the below listed document that talks about the same.

Setting Up a GUI Administrator Account

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/solution_engine/instalap.html#wp1117461

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Jatin Katyal · ‎10-17-2013

Farooq,

Let me show the same in documentation as well.

These policies influence all account logins.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Admin.html#wp733971

Even if we check "account never expire" on the specific administrator account, you can override the lockout options but password change policy remains in effect.

Account Never Expires

Prevents account lockout by overriding the lockout options on the Administrator Password Policy page with the exception of manual lockout. Therefore, the account never expires but password change policy remains in effect. The default value is unchecked (disabled).

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Admin.html#wp703521

~BR

Jatin Katyal

**Do rate helpful posts**

~Jatin

Jatin Katyal · ‎10-17-2013

I hope that answered your question Farooq.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin