RHEL-09-631020 - RHEL 9 must prohibit the use of cached authenticators after one day.

Information

If cached authentication information is out-of-date, the validity of the authentication information may be questionable.

Solution

Configure the SSSD to prohibit the use of cached authentications after one day.

Edit the file "/etc/sssd/sssd.conf" or a configuration file in "/etc/sssd/conf.d" and add or edit the following line just below the line [pam]:

offline_credentials_expiration = 1

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V2R3_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(13), CAT|II, CCI|CCI-002007, Rule-ID|SV-258133r1045263_rule, STIG-ID|RHEL-09-631020, Vuln-ID|V-258133

Plugin: Unix

Control ID: b3a19b3a868f46c05f9f53b974616c74562dfbd6f99d1adf59ce54b9fcf20a24