We have upgraded some firewalls to ASA 9.19.1. I noticed that if I change the hash of some other user's password on the firewall, that when that other user logs in, they are forced to change their password. The idea is that the admin who put in the hash won't ultimately know what the user's password will be when they change it.
Is there a way to remove this flag or feature? The "show aaa local user" commands provides columns on Lock-time, Failed-attempts, Locked, Expired, New-User for listed users on the firewall. Is there a way to make it so the New-User column doesn't trigger password changes?
