Hi
With TACACS+ local account, do you referr to local account in ClearPass?
Do you only use ClearPass as user directory or do you have any other user directory such as Active Directory? If you have Active Directory you can create the needed account in AD and mark the account to not need to change password
You can create the needed accounts in any of the user account databases, Admin Users, Local Users and Guest Users.
Another option may be to utilize a custom created guest user, assign the user to a dedicated role and allow this user with this role to authenticate in the TACACS service.
I have never tried exact your use case, but should be possible to do.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Aug 27, 2024 10:45 AM
From: mhabiballa
Subject: Tacacs+ account as a Service account on CPPM
Hi,
There is a requirements for a specific tacacs+ local account on CPPM to have their password never expire or got disabled by TIPS for not changing it. Those accounts will be used for SNMP monitoring over network devices (routers, switches, WLCs). Is there anyway to create such account on CPPM?
If I change password expiry rules it will be changed for all accounts!.