Cisco Systems 4.2 Server User Manual


 
5-4
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 5 Password Policy Configuration Scenario
Step 2: Configure Password Policy
Step 4 Click Grant All or Revoke All to globally add or remove all privileges,
Step 5 If you want to grant specific privileges to the administrator, check the check boxes that correspond to
the privileges that you want to grant.
Note For more information on administrative privileges, see the “Add Administrator and Edit
Administrator Pages” section in Chapter 11 of the User Guide for Cisco Secure Access Control
Server 4.2, “Administrators and Administrative Policy.”
Step 6 Go to Step 2: Configure Password Policy, page 5-4 (the next section of this chapter) and follow the steps
to specify password restrictions.
Step 2: Configure Password Policy
To configure password policy:
Step 1 On the Administration Control page, click Password Policy.
The Administrator Password Policy Setup page appears, shown in Figure 5-2.
Account Never
Expires
If you want to override the lockout options set up on the Administrator
Password Policy page (with the exception of manual lockout), check the check
box next to Account Never Expires. If you check this option, the account never
expires but password change policy remains in effect. The default value is
unchecked (disabled).
Account Locked If you want to lock out an administrator who is denied access due to the account
policy options specified on the Password Policy page, check the check box for
Account Locked. When unchecked (disabled), this option unlocks an
administrator who was locked out.
Administrators who have the Administration Control privilege can use this
option to manually lock out an account or reset locked accounts. The system
displays a message that explains the reason for a lockout.
When an administrator unlocks an account, ACS resets the Last Password
Change and the Last Activity fields to the day on which the administrator
unlocks the account.
The reset of a locked account does not affect the configuration of the lockout
and unlock mechanisms for failed attempts.
Option Description