I've found that if we set the "User must change password at next login" for local accounts on an ACS6000 you'll be prompted to change the password but won't be able to: login as: root Using keyboard-interactive authentication. Password: Using keyboard-interactive authentication. Password change requested. Choose a new password. Old Password: Using keyboard-interactive authentication. Password unchanged Access denied Using keyboard-interactive authentication. Password: The Appliance Authentication type is set to DSView/Local and I don't have " Enable fallback to Local type for root user in appliance console port" selected. My suspicion is that when you log in the ACS attempts to authenticate to Avocent DSView, fails, then falls back to local and succeeds there. But the "Old Password:" authentication doesn't use the local database. if the ACS6000 is on the network and on Avocent DSView there are quite a few ways I can think of to work around this. But we have two Avocent ACS6000 that are being reused so they need new IP addresses. And when they were decommissioned last they had secure passwords with the "User must change password at next login" set. My thought at this point is that there's no way around this bug short of booting into a recovery mode and resetting the root password. Or going back to factory default completely. If there is a work around to this let me know. And to avoid this in the future I am considering changing the configuration to enable "Enable fallback to Local type for root user in appliance console port ". But, since I'm not local to any of the ACS6000 I can't test. Can you verify that this setting will allow local access via the root ID even if the password must be changed? Since I believe this is a bug let's do what's necessary to have it reviewed and hopefully fixed in a future firmware upgrade.
↧