Enabling User Changeable Passwords

User Changeable Passwords (UCP) is an application that enables users to change their Cisco Secure ACS passwords with a web-based utility. When users need to change passwords, they can access the UCP web page using a web browser. The UCP web page requires users to log in. The password required is the user's existing PAP password. After UCP authenticates the users to Cisco Secure ACS, it allows them to change their PAP/CHAP passwords.

To install UCP, a Microsoft IIS 5.0 or 6.0 web server must be running. Communications between UCP and Cisco Secure ACS is protected with 128-bit encryption. It is also possible to secure communications between the user and UCP by using Secure Sockets Layer (SSL). SSL is the recommended method for UCP.

For users authenticated against a Windows user database, ACS user passwords may be changed upon password expiration. This feature may be enabled in the Cisco Secure ACS server in the MS-CHAP and Windows EAP settings tables in the external user database section. The compatible password protocols that may be used are MS-CHAP, PEAP (EAP-GTC), PEAP (EAP-MSCAPv2), and EAP-FAST.

For installation and configuration information regarding UCP, visit Cisco.com.

0 0

Post a comment