Ubuntu 22.04 LTS must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.

An XCCDF Rule

Details
Profiles

Description

If cached authentication information is out-of-date, the validity of the authentication information may be questionable.

ID: SV-260581r958828_rule
Version: UBTU-22-631015
Severity: Low
References: CCI-002007
Updated: about 2 months ago

Remediation Templates

Configure PAM to prohibit the use of cached authentications after one day.  
 
Add or modify the following line in the "/etc/sssd/sssd.conf" file, just below the line "[pam]": 
  
offline_credentials_expiration = 1 
  
Note: It is valid for this configuration to be in a file with a name that ends with ".conf" and does not begin with a "." in the "/etc/sssd/conf.d/" directory instead of the "/etc/sssd/sssd.conf" file.

Ubuntu 22.04 LTS must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.

Description

Remediation Templates

A Manual Procedure