OL08-00-020290 - OL 8 must prohibit the use of cached authentications after one day.

Information

If cached authentication information is out of date, the validity of the authentication information may be questionable.

OL 8 includes multiple options for configuring authentication, but this requirement will focus on the System Security Services Daemon (SSSD). By default, SSSD does not cache credentials.

Solution

Configure the SSSD to prohibit the use of cached authentications after one day.

Add or change the following line in '/etc/sssd/sssd.conf' just below the line '[pam]'.

offline_credentials_expiration = 1

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_8_V2R2_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(13), CAT|II, CCI|CCI-002007, Rule-ID|SV-248710r958828_rule, STIG-ID|OL08-00-020290, Vuln-ID|V-248710

Plugin: Unix

Control ID: 6029a55b54f6b9ce47f71203adb0157e1615cb167318f8a94373f1630015d311