Cisco Systems 3.3

Chapter 8 System Configuration: Basic

Local Password Management

8-6

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

–

Upon remote user password change, immediately propagate the

change to selected replication partners—This setting determines

whether Cisco Secure ACS sends to its replication partners any

passwords changed during a Telnet session hosted by a TACACS+ AAA

client, by the CiscoSecure Authentication Agent, or by the

User-Changeable Passwords web interface. The Cisco Secure ACSes

configured as this Cisco Secure ACS’s replication partners are listed

below this check box.

This feature depends upon having the CiscoSecure Database Replication

feature configured properly; however, replication scheduling does not

apply to propagation of changed password information. Cisco Secure

ACS sends changed password information immediately, regardless of

replication scheduling.

Changed password information is replicated only to Cisco Secure ACSes

that are properly configured to receive replication data from this

Cisco Secure ACS. The automatically triggered cascade setting for the

CiscoSecure Database Replication feature does not cause Cisco Secure

ACSes that receive changed password information to send it to their

replication partners.

For more information about CiscoSecure Database Replication, see

CiscoSecure Database Replication, page 9-1.

•Password Change Log File Management—These settings enable you to

configure how Cisco Secure ACS handles log files generated for the User

Password Change report. For more information about this report, see

Cisco Secure ACS System Logs, page 11-13.

The log file management options for the User Password Changes Log are

listed below:

–

Generate New File—You can specify the frequency at which

Cisco Secure ACS creates a User Password Changes Log file: daily,

weekly, monthly, or after the log reaches a size in kilobytes that you

specify.

–

Manage Directory—You can specify whether Cisco Secure ACS

controls the retention of log files. If enabled, this feature enables you to

specify either the maximum number of files to retain or the maximum age

of files to retain. If the maximum number of files is exceeded,

Cisco Secure ACS deletes the oldest log file. If the maximum age of a file

is exceeded, Cisco Secure ACS deletes the file.