RHEL 8 must prohibit the use of cached authentications after one day.
An XCCDF Rule
Description
If cached authentication information is out-of-date, the validity of the authentication information may be questionable. RHEL 8 includes multiple options for configuring authentication, but this requirement will be focus on the System Security Services Daemon (SSSD). By default sssd does not cache credentials.
- ID
- SV-230376r958828_rule
- Version
- RHEL-08-020290
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the SSSD to prohibit the use of cached authentications after one day.
Add or change the following line in "/etc/sssd/sssd.conf" just below the line "[pam]".
offline_credentials_expiration = 1