secure acs 5.4 user properties screenshot request + how to set no-expire password on service account?

paul.cainkar
Level 1

1) Would someone be so kind to post a screenshot of secureacs 5.4 user properties showing the per-user expiration/account lock policy that is now available to be overridden at a per-user level?

2) Is there a way yet in 5.4 to set a password to never expire for a service account?

14 Replies

jrabinow
Level 7

For question 2), you can do the following:

It is enabled by creating attributes for internal users

This functionality is enabled as follows:

- In System Administration > Configuration > Dictionaries > Identity > Internal Users, add the Boolean attribute ACS-RESERVED-Never-Expired and set its default value to "false".

- Set this user attribute to be true in the internal user definitions of those users whose password should never expire.

I've previously tried this without success:

Screenshots:

http://i.imgur.com/pryQn.png

http://i.imgur.com/nwPRZ.png

The account still expires for not changing the password every "x" days.

Do any of the new per-user security options in 5.4 address this in a more clean manner?  However, I'd certainly like to get this working too.

I have the same issue; settings match Paul's screenshots, however service account passwords are still expiring. Any suggestions would be appreciated.

Thanks.

I was able to recreate the issue you described on my ACS 5.4 system and also saw users still expiring.

I have reported the issue and will update when I get confirmation of any analysis on this issue.

We are running ACS version 5.4.0.46.0a. I had a TAC case open for another issue and asked the engineer about this, and they mentioned that they thought the issue should be resolved in the latest patch. I set up ACS in a lab to test this, just have not gotten around to it yet, but if you are running the latest build and still having the issue it will save me some time.

Let me know what build you are running that is still having this issue.

Thanks.

It is not yet resolved in latest patch for ACS 5.4 (patch 2)

Target is for patch 3; do not have any ETA yet

Following is the CDETS to be tracked:

CSCue30822  Password expiration with Boolean

I have dug in some more here.

Currently the user will not expire if the following setting is selected

System Administration > Users > Authentication Settings

Disable user account
Expire the password

Option to expire the password must be selected. Then users with the attribute set to true will never expire, and other users will have their passwords expire after this interval and will be forced to change password on next login, provided they use a protocol that supports change password. Otherwise authentication will fail with

Authentication failed :

24203 User need to change password

The issue has been resolved in ACS 5.4 patch 3, with the following fix:

CSCuf16197    ACS-RESERVED-Never-Expired does not prevent user account from expiring

Now, irrespective of whether you select "Expire the password" or "Disable user account", neither of these options will take effect if the ACS-RESERVED-Never-Expired attribute is set to true.

An additional fix of interest in this patch may be

CSCuc58345     Even with ACS-RESERVED-Never-Expired ACS counts down days until expiry

Is this to suggest that the configuration based on the screenshots I provided above should prevent account expiration with the patch?  If yes, something is still not working correctly.  Has anyone else got this to work?

Back to top.  Problem still exists.

I'm still having this problem.  BTT.

We have not seen others hitting this problem and without further details I can't really help assess further

Note that ACS 5.5 was posted today and includes the following enhancement:

CSCty77259: ACS 5 global password policy for local user should have per user ignore

Is there any additional information I can provide which will assist you?  I am running  5.4.0.46.4.

The screenshots in the top of this thread are mine.

If you're suggesting 5.5 has a "disable password policy for user entirely" style knob this may work in lieu of disabling password expiration enforcement per user.  However, I do not know if I will have the ability to upgrade to 5.5 right now.

This just happened again.  I tried completely deleting the account and re-creating it, with no further success.  It's a service account and predictable; it starts to fail to function when its password expires because it can't be successfully overridden from general policy.

I am still not able to access that bug as it is not Cisco customer visible.