Configuration-specific User Group Settings
Enabling Password Aging for the CiscoSecure User Database
User Guide for Cisco Secure ACS for Windows Server
6-20
The password aging feature of Cisco Secure ACS enables you to force users to
change their passwords under one or more of the following conditions:
• After a specified number of days (age-by-date rules)
• After a specified number of logins (age-by-uses rules)
• The first time a new user logs in (password change rule)
Varieties of Password Aging Supported by Cisco Secure ACS
Cisco Secure ACS supports four distinct password aging mechanisms, as follows:
• EAP-GTC Windows NT/2000 Password Aging—Users must be in the
Windows NT/2000 database and be using a Microsoft client that supports
EAP, such as Windows XP. For information on the requirements and
configuration of this password aging mechanism, see Enabling Password
Aging for Users in Windows Databases, page 6-25.
• RADIUS-based Windows NT/2000 Password Aging—Users must be in the
Windows NT/2000 database and be using the Windows Dial-up Networking
(DUN) client. For information on the requirements and configuration of this
password aging mechanism, see Enabling Password Aging for Users in
Windows Databases, page 6-25.
• Password Aging for Device-hosted Sessions—Users must be in the
CiscoSecure user database, the AAA client must be running TACACS+, and
the connection must use Telnet. You can control the ability of users to change
passwords during a device-hosted Telnet session. You can also control
whether Cisco Secure ACS propagates passwords changed by this feature.
For more information, see Local Password Management, page 8-5.
• Password Aging for Transit Sessions—Users must be in the CiscoSecure
user database. Users must be using the Windows 95/98/ME, Windows NT
3.51, Windows NT 4.0, Windows 2000 DUN client, or another PPP dialup
client. Further, the end-user client must have CiscoSecure Authentication
Agent (CAA) installed in Windows 95/98/ME or Windows NT/2000.
Tip: The CAA software is available at http://www.cisco.com.
Chapter 6
Setting Up and Managing User Groups
78-14696-01, Version 3.1