Chapter 1 Overview
AAA Server Functions and Concepts
1-16
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
For information on the requirements and configuration of the password aging
feature controlled by the CiscoSecure user database, see Enabling Password
Aging for the CiscoSecure User Database, page 6-21.
The Windows-based password aging feature enables you to control the following
password aging parameters:
• Maximum password age in days.
• Minimum password age in days.
The methods and functionality of Windows password aging differ according to
which Windows operating system you use and whether you employ Active
Directory (AD) or Security Accounts Manager (SAM). For information on the
requirements and configuration of the Windows-based password aging feature,
see Enabling Password Aging for Users in Windows Databases, page 6-26.
User-Changeable Passwords
With Cisco Secure ACS, you can install a separate program that enables users to
change their passwords by using a web-based utility. For more information about
installing user-changeable passwords, see the Installation and User Guide for
Cisco Secure ACS User-Changeable Passwords.
Other Authentication-Related Features
In addition to the authentication-related features discussed in this section, the
following features are provided by Cisco Secure ACS:
• Authentication of unknown users with external user databases (see About
Unknown User Authentication, page 15-4).
• Authentication of computers running Microsoft Windows (see Machine
Authentication, page 13-16).
• Support for the Microsoft Windows Callback feature (see Setting User
Callback Option, page 7-9).
• Ability to configure user accounts, including passwords, using an external
data source (see About RDBMS Synchronization, page 9-26).
• Ability for external users to authenticate via an enable password (see Setting
TACACS+ Enable Password Options for a User, page 7-35).
• Proxy of authentication requests to other AAA servers (see Proxy in
Distributed Systems, page 4-4).