Local password management – Cisco 3.3 User Manual
Page 311
8-5
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 8 System Configuration: Basic
Local Password Management
Local Password Management
You use the Local Password Management page to configure settings that apply to
managing passwords stored in the CiscoSecure user database. It contains the
following three sections:
•
Password Validation Options—These settings enable you to configure
validation parameters for user passwords. Cisco Secure ACS enforces these
rules when an administrator changes a user password in the CiscoSecure user
database and when a user attempts to change passwords using the
CiscoSecure Authentication Agent applet.
Note
Password validation options apply only to user passwords stored in
the CiscoSecure user database. They do not apply to passwords in
user records kept in external user databases nor do they apply to
enable or admin passwords for Cisco IOS network devices.
The password validation options are listed below:
–
Password length between X and Y characters—Enforces that password
lengths be between the values specified in the X and Y boxes, inclusive.
Cisco Secure ACS supports passwords up to 32 characters long.
–
Password may not contain the username—Requires that a user
password does not contain the username anywhere within it.
–
Password is different from the previous value—Requires a new user
password to be different from the previous password.
–
Password must be alphanumeric—Requires a user password to contain
both letters and numbers.
•
Remote Change Password—These settings enable you to configure whether
Telnet password change is enabled and, if it is enabled, whether Cisco Secure
ACS immediately sends the updated user data to its replication partners.
The remote change password options are listed below:
–
Disable TELNET Change Password against this ACS and return the
following message to the users telnet session—When selected, this
option disables the ability to perform password changes during a Telnet
session hosted by a TACACS+ AAA client. Users who submit a password
change receive the text message that you type in the corresponding box.