Cisco Secure Access Control Server for Windows
User changeable passwords

Starting with Cisco Secure ACS for Windows Server version 3.2, system administrators can enable User-Changeable Password (UCP) . UCP is an application that enables users to change their Cisco Secure ACS passwords with a web-based utility. A web server that runs Microsoft Internet Information Server (IIS) 5.0 or later is required to install UCP.

When users need to change passwords, they can access the UCP server web page using a supported web browser. The UCP web page requires users to log in. The password required is the PAP password for the user account. UCP authenticates the user with Cisco Secure ACS and then allows the user to specify a new password. UCP changes both the PAP and CHAP passwords for the user to the password submitted.

Communication between the UCP server and the Cisco Secure ACS system is protected with 128-bit encryption. To further increase security, it is recommended to implement SSL to protect communication between user web browsers and the UCP server.

The SSL protocol provides security for remote access data transfer between the UCP web server and the user's web browser. Because users change their Cisco Secure ACS database passwords over a connection between their web browsers and Microsoft IIS, user and password data is vulnerable. The SSL protocol encrypts data transfers, including passwords, between web browsers and Microsoft IIS.