For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

marian_57792's avatar
marian_57792
Icon for Nimbostratus rankNimbostratus
May 10, 2011

local password reset automation

hey guys,

 

 

let me describe our issue. we got many local accounts set to 3 month password duration. If user doesn't change pwd in advance, password will expire and doesn't allow user to change it or logon to F5. It's very time consuming to reset each expired pwd's, sent notification mail and sync active-standby LTM's every time. we cannot have remote authentication due to security reason(security officer).

 

 

How are you dealing with this kind of issue ? cron jobs, notification emails, or ?

 

 

really appreciate you answers.

 

Thank you

 

 

Marian

 

config
design

3 Replies

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    May 10, 2011
    Sorry. Only ever done individual user accounts with either TACACS or Radius...

     

     

    Why does your security officer think local accounts are more secure than using a centralised auth system? Centralised means more control. Not more insecurity (Although I'm sure someone could build an insecure central system :)...

     

     

    H
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    May 10, 2011
    But at least you'd only have one potentially insecure AAA server instead of many :)

     

     

    Marian, if can you think of a way to improve this scenario (like sending email notifications from LTM when a user's password is about to expire) you could open a request for enhancement case with F5 Support to request the new functionality. But I agree with Hamish--most enterprise level customers use remote admin auth and handle the account management there.

     

     

    Aaron