We have dialup users that are connecting to our portal for uploading/downloading credit information. We are currently using ACS 3.3. There is a requirement that, initially we provide clients with their username/password, but we want to enforce the policy that when the user logs in first time, he should be prompted (forcefully) to change his password.
1) Can this be done in ACS 3.3. I know its outdated but if anyone knows then pls tell me
2) What solution shall be used in this case ? can it be done in ACS 5.3 ?
Kindly guide me
You can enable password expiry for the users that login for the first time so that they are asked to change their password when they login for the first time.
For this, you will have to enable 'Password Aging Rules' on the ACS (this is applied on a group basis).
To enable Password Aging Rules:
ACS > Group Setup > Select the group and click edit settings >Password Aging Rules > check the 'Apply password change rule' box
This will force the user to change the password on the first log-in after an administrator has changed it.
Please note that if you do not see the option 'Password Aging Rules', then you will have to enable it from:
Interface Configuration > Advanced Options > Group-Level Password Aging.
Just as an FYI, support for ACS 3.3 ended in 2009. Reference: EOS/EOL Notice for ACS 3.3:http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps2086/prod_end-of-life_notice0900aecd80420b67.html
ACS 5.3 also allows you to force users to change their password on the next login. In ACS 5.3 this setting is located on the users's password change page. To force a user to change their passwod on next login:
|Users and Identity Stores >||Internal Identity Stores >|
Check the box next to the relevant username
Click the "Change Password" button
Check the box next to "Change password on next login"
Click the "Submit" button
Let me know if that helps.
Sir i will check it today. I just want to know one thing more. When you said that it will force the user to change the password on their first login, did you mean that it will give them any banner/prompt that they need to change the password or do we need to tell them manually (like via email or something)
It is very difficult and not so that handy when it comes for ACS 3.3 version.
You can refer the below document for password rules in ACS and its explainations..
Refer the below discussion about ACS 3.3 for VPN users Password rules which is well explained.
Hope this helps.
ACS 5.x version you can set this without any issues.
Please do rate if the given information helps.
Sir, when you said it can be done in ACS 5, then are you talking about forcefully prompt the user to change the password ?
Kindly let me know, and sorry for the delayed response