OL 8 must prohibit the use of cached authentications after one day.
An XCCDF Rule
Description
If cached authentication information is out of date, the validity of the authentication information may be questionable. OL 8 includes multiple options for configuring authentication, but this requirement will focus on the System Security Services Daemon (SSSD). By default, SSSD does not cache credentials.
- ID
- SV-248710r958828_rule
- Version
- OL08-00-020290
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the SSSD to prohibit the use of cached authentications after one day.
Add or change the following line in "/etc/sssd/sssd.conf" just below the line "[pam]".
offline_credentials_expiration = 1