Filter
Top Products
8-11
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing Internal Identity Stores
Step 4 Click Submit.
The user password is configured with the defined criteria. These criteria will apply only for future logins.
Note ACS supports any character as passwords and shared secrets that can be represented using UTF-8
encoding.
Note If one of the users gets disabled, the Failed Attempt Count value needs to be reconfigures multiple times.
In such a case, the Administrators should note the current failed attempts count of such user, separately
or they should reset the count to 0 for all users.
Creating Internal Users
In ACS, you can create internal users that do not access external identity stores for security reasons.
You can use the bulk import feature to import hundreds of internal users at a time; see Performing Bulk
Operations for Network Resources and Users, page 7-8 for more information. Alternatively, you can use
the procedure described in this topic to create internal users one at a time.
Step 1 Select Users and Identity Stores > Internal Identity Store > Users.
The Internal Users page appears.
Step 2 Click Create. You can also:
• Check the check box next to the user that you want to duplicate, then click Duplicate.
Password must be different from the
previous n versions.
Specifies the number of previous passwords for this user to be compared against.
The number of previous passwords include the default password as well. This
option prevents the users from setting a password that was recently used. Valid
options are 1 to 99.
Password Lifetime
Users can be required to periodically change password
Disable user account after n days if
password is not changed
Specifies that the user account must be disabled after n days if the password is
not changed; the valid options are 1 to 365. This option is applicable only for
TACACS+ authentication.
Display reminder after n days Displays a reminder after n days to change password; the valid options are 1 to
365. This option, when set, only displays a reminder. It does not prompt you for
a new password. This option is applicable only for TACACS+ authentication.
TACACS Enable Password
Select whether a separate password should be defined in the user record to store the Enable Password
TACACS Enable Password Check the check box to enable a separate password for TACACS+
authentication.
Table 8-3 Advanced Tab
Options Description