- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-25-2024 11:57 PM
Description:
I have queries on Password profile This has to do with the settings “Required Password Change Period (days)”. We created a password profile to test this setting and to avoid affecting the rest of the users. We set this setting to 3 (days). We then created a testuser and applied the password profile to this testuser and commit. After 3 days, instead of being prompted to change the password, the testuser account is locked out. According to the description here https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/device/device-password-profi..., we are supposed to be prompted to change password, not get locked out. After checking around, I see from this post https://live.paloaltonetworks.com/t5/general-topics/panorama-administrators-user-required-password-c... that it has been documented previously, but no solution was posted there.
08-26-2024 04:54 AM
Hi @Purushotham ,
For the test accounts, did you create using local database auth? If so, you cannot assign password profiles to administrative accounts that use local database authentication (see Device > Local User Database > Users). If you try it with a user assigned a auth profile of SAML/LDAP/RADIUS/ETC. it should work.
09-09-2024 07:50 PM
Hi,
CX did not create using local database auth.
09-10-2024 11:30 AM
Hello,
I have yet to see Palo Alto implement a prompt for an admin user for a password expiration. I have a calendar reminder to do it.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!