Introduction
What is the Account Disablement policy in ACS 5.3?
The Account Disablement Policy lets you disable users in the internal identity store when the configured date is beyond the permitted date, the configured number of days is beyond the permitted days, or the number of consecutive unsuccessful login attempts exceeds the threshold. The default value for the date-exceeds setting is 30 days from the current date. The default value for days should not be more than 60 days from the current day. The default value for failed attempts is 5.
This is a new feature in ACS 5.3 and is discussed in full detail in the following document:
ACS 5.3 and later: Local User Lockout Configuration
ACS 5.2 and earlier do not have an option to disable a local account on failed attempts; this is tracked as an enhancement request.
Enhancement Request CSCth12406
ACS 5 does not have option to disable local account on failed attempts - CSCth12406
Symptom:
ACS 5 does not have an option to disable a local account in the internal identity store on failed attempts.
Conditions:
When ACS 5 is used to authenticate users using only the internal identity store, there is no way to configure an account lockout policy for failed attempts.
Workaround:
Currently there is no workaround.
Known Fixed Releases: 5.2(0.26.4)
Download software for Cisco Secure Access Control Server Solution Engine