AlmaLinux OS 9 must prohibit the use of cached authenticators after one day.

An XCCDF Rule

Details
Profiles

Description

Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements. If cached authentication information is out-of-date, the validity of the authentication information may be questionable.

ID: SV-269409r1050292_rule
Version: ALMA-09-038630
Severity: Medium
References: CCI-002007
Updated: about 2 months ago

Remediation Templates

Configure the SSSD to prohibit the use of cached authentications after one day.

Add/modify the following line in "/etc/sssd/sssd.conf" (or a conf file in /etc/sssd/conf.d/) just below the line [pam]:

offline_credentials_expiration = 1

AlmaLinux OS 9 must prohibit the use of cached authenticators after one day.

Description

Remediation Templates

A Manual Procedure