Cisco 3.3 User Manual
Page 312
Chapter 8 System Configuration: Basic
Local Password Management
8-6
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
–
Upon remote user password change, immediately propagate the
change to selected replication partners—This setting determines
whether Cisco Secure ACS sends to its replication partners any
passwords changed during a Telnet session hosted by a TACACS+ AAA
client, by the CiscoSecure Authentication Agent, or by the
User-Changeable Passwords web interface. The Cisco Secure ACSes
configured as this Cisco Secure ACS’s replication partners are listed
below this check box.
This feature depends upon having the CiscoSecure Database Replication
feature configured properly; however, replication scheduling does not
apply to propagation of changed password information. Cisco Secure
ACS sends changed password information immediately, regardless of
replication scheduling.
Changed password information is replicated only to Cisco Secure ACSes
that are properly configured to receive replication data from this
Cisco Secure ACS. The automatically triggered cascade setting for the
CiscoSecure Database Replication feature does not cause Cisco Secure
ACSes that receive changed password information to send it to their
replication partners.
For more information about CiscoSecure Database Replication, see
CiscoSecure Database Replication, page 9-1
•
Password Change Log File Management—These settings enable you to
configure how Cisco Secure ACS handles log files generated for the User
Password Change report. For more information about this report, see
Cisco Secure ACS System Logs, page 11-13
.
The log file management options for the User Password Changes Log are
listed below:
–
Generate New File—You can specify the frequency at which
Cisco Secure ACS creates a User Password Changes Log file: daily,
weekly, monthly, or after the log reaches a size in kilobytes that you
specify.
–
Manage Directory—You can specify whether Cisco Secure ACS
controls the retention of log files. If enabled, this feature enables you to
specify either the maximum number of files to retain or the maximum age
of files to retain. If the maximum number of files is exceeded,
Cisco Secure ACS deletes the oldest log file. If the maximum age of a file
is exceeded, Cisco Secure ACS deletes the file.