Chapter 16 Managing System Administrators

Configuring Authentication Settings for Administrators

Table 16-7 Advanced Tab

Options

Description

Password History

Password must be different from the previous n versions

Specifies the number of previous passwords for this administrator to be compared against. This option prevents administrators from setting a password that was recently used. Valid options are 1 to 99.

Password Lifetime: Administrators are required to periodically change password

Display reminder after n days

Displays a reminder after n days to change password; the valid options are 1 to 365. This option, when set, only displays a reminder. It does not prompt you for a new password.

Require a password change after n days

Specifies that the password must be changed after n days; the valid options are 1 to 365. This option, when set, ensures that you change the password after n days.

Disable administrator account after n days if password is not changed

Specifies that the administrator account must be disabled after n days if the password is not changed; the valid options are 1 to 365. ACS does not allow you to configure this option without configuring the Display reminder after n days option.

Account Inactivity: Inactive accounts are disabled

Require a password change after n days of inactivity

Specifies that the password must be changed after n days of inactivity; the valid options are 1 to 365. This option, when set, ensures that you change the password after n days. ACS does not allow you to configure this option without configuring the Display reminder after n days option.

Disable administrator account after n days of inactivity

Specifies that the administrator account must be disabled after n days of inactivity; the valid options are 1 to 365. ACS does not allow you to configure this option without configuring the Display reminder after n days option.

Incorrect Password Attempts

 

Disable account after n successive failed attempts

Specifies the maximum number of login retries after which the account is disabled; the valid options are 1 to 10.

Note ACS automatically deactivates or disables your account based on your last login, last password change, or number of login retries. The CLI and PI user accounts are blocked and they receive a notification that they can change the password through the web interface. If your account is disabled, contact another administrator to enable your account.

Step 4 Click Submit.

The administrator password is configured with the defined criteria. These criteria will apply only for future logins.
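The following added example (not part of the Cisco guide and not ACS code) models the Advanced tab options from Table 16-7 so that a planned policy can be checked against the stated ranges and the reminder dependency, and so that the resulting account state can be worked out for a given last login, last password change, and failed-attempt count. The field names, the ">= n" threshold reading, and the precedence of disabled over change-required over reminder are assumptions made for illustration.

```python
from datetime import date

# Hypothetical field names modelling the Table 16-7 options; not ACS identifiers.
RANGES = {
    "history_depth": (1, 99),                # Password must differ from previous n
    "remind_after": (1, 365),                # Display reminder after n days
    "change_after": (1, 365),                # Require a password change after n days
    "disable_if_unchanged_after": (1, 365),  # Disable account if password not changed
    "change_after_inactive": (1, 365),       # Require change after n days of inactivity
    "disable_after_inactive": (1, 365),      # Disable account after n days of inactivity
    "max_failed_attempts": (1, 10),          # Disable after n successive failed attempts
}
# Options the table says cannot be configured without the reminder option.
NEEDS_REMINDER = ("disable_if_unchanged_after", "change_after_inactive",
                  "disable_after_inactive")

def validate(policy):
    """Return a list of problems; an empty list means the policy fits the table."""
    errors = []
    for name, value in policy.items():
        if name not in RANGES:
            errors.append(f"{name}: unknown option")
            continue
        lo, hi = RANGES[name]
        if type(value) is not int or not lo <= value <= hi:
            errors.append(f"{name}: must be an integer from {lo} to {hi}")
    for name in NEEDS_REMINDER:
        if name in policy and "remind_after" not in policy:
            errors.append(f"{name}: requires remind_after to be set")
    return errors

def account_state(policy, today, last_login, last_pw_change, failed_attempts):
    """Classify an account; assumption: a limit n is reached when the value is >= n."""
    pw_age = (today - last_pw_change).days
    idle = (today - last_login).days
    def hit(name, measured):
        return name in policy and measured >= policy[name]
    # Assumed precedence: disabled, then change_required, then reminder.
    if (hit("max_failed_attempts", failed_attempts) or hit("disable_after_inactive", idle)
            or hit("disable_if_unchanged_after", pw_age)):
        return "disabled"
    if hit("change_after", pw_age) or hit("change_after_inactive", idle):
        return "change_required"
    return "reminder" if hit("remind_after", pw_age) else "ok"

# Constructed sample policy, for illustration only.
POLICY = {"remind_after": 60, "change_after": 90, "disable_if_unchanged_after": 120,
          "disable_after_inactive": 45, "max_failed_attempts": 3}
```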

 

User Guide for Cisco Secure Access Control System 5.3


OL-24201-01
