Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 6, Setting Up and Managing User Groups: Configuration-specific User Group Settings
Tip: To allow users to log in an unlimited number of times without changing their
passwords, type -1.
Apply password change rule: Selecting this check box forces new users to
change their password the first time they log in.
Generate greetings for successful logins: Selecting this check box enables
a Greetings message to display whenever users log in successfully via the
CAA client. The message contains up-to-date password information specific
to this user's account.
The password aging rules are not mutually exclusive; a rule is applied for each
check box that is selected. For example, users can be forced to change their
passwords every 20 days, and every 10 logins, and to receive warnings and grace
periods accordingly.
If no options are checked, passwords never expire.
Unlike most other parameters, which have corresponding settings at the user level,
password aging parameters are configured only on a group basis.
Users who fail authentication because they have not changed their passwords and
have exceeded their grace periods are logged in the Failed Attempts log. The
accounts are expired and appear in the Accounts Disabled list.
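The way selected rules combine can be modeled in a few lines. This is an added example, not Cisco Secure ACS code: the class and field names, the 20/5/5-day and 10/3-login thresholds, the "most severe state wins" combination, and the placement of -1 on the login grace count are assumptions made for illustration.

```python
# Added illustration: simplified model of combined password aging rules.
# Names, thresholds and combination logic are assumptions, not ACS internals.
from dataclasses import dataclass
from typing import Optional

OK, WARN, GRACE, EXPIRED = "ok", "warning", "grace", "expired"
SEVERITY = [OK, WARN, GRACE, EXPIRED]  # least to most severe

@dataclass
class DateRule:  # "change the password every N days"
    active_days: int
    warning_days: int
    grace_days: int

    def state(self, days_since_change: int) -> str:
        limit = self.active_days
        if days_since_change <= limit:
            return OK
        limit += self.warning_days
        if days_since_change <= limit:
            return WARN
        limit += self.grace_days
        return GRACE if days_since_change <= limit else EXPIRED

@dataclass
class UsesRule:  # "change the password every N logins"
    issue_logins: int  # logins allowed before a change is requested
    grace_logins: int  # extra logins allowed; -1 = unlimited (assumed field)

    def state(self, logins_since_change: int) -> str:
        if logins_since_change <= self.issue_logins:
            return OK
        if self.grace_logins == -1:
            return GRACE  # user is never locked out by login count
        limit = self.issue_logins + self.grace_logins
        return GRACE if logins_since_change <= limit else EXPIRED

def evaluate(date_rule: Optional[DateRule], uses_rule: Optional[UsesRule],
             days: int, logins: int) -> str:
    """Apply every selected rule; the most severe result decides.
    With no rule selected, the password never expires."""
    states = [OK]
    if date_rule is not None:
        states.append(date_rule.state(days))
    if uses_rule is not None:
        states.append(uses_rule.state(logins))
    return max(states, key=SEVERITY.index)

# Constructed group policy: every 20 days and every 10 logins.
GROUP_DATE, GROUP_USES = DateRule(20, 5, 5), UsesRule(10, 3)
```

In this model an `expired` result corresponds to the failed authentication described above, which is what an administrator would expect to find in the Failed Attempts log and the Accounts Disabled list.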
Before You Begin
Verify that your AAA client is running the TACACS+ or RADIUS protocol.
(TACACS+ only supports password aging for device-hosted sessions.)
Set up your AAA client to perform authentication and accounting using the
same protocol, either TACACS+ or RADIUS.
Set up your AAA client to use Cisco IOS Release 11.2.7 or later and to send
a watchdog accounting packet (aaa accounting new-info update) with the IP
address of the calling station.
To set password aging rules for a user group, follow these steps:
Step 1 In the navigation bar, click Group Setup.
Result: The Group Setup Select page opens.
Step 2 From the Group list, select a group, and then click Edit Settings.
Result: The Group Settings page displays the name of the group at its top.