RHEL 9 must prohibit the use of cached authenticators after one day.

An XCCDF Rule

Description

If cached authentication information is out-of-date, the validity of the authentication information may be questionable.

ID: SV-258133r1045263_rule
Version: RHEL-09-631020
Severity: Medium
References: CCI-002007
Updated: about 2 months ago

Remediation Templates

Configure the SSSD to prohibit the use of cached authentications after one day.

Edit the file "/etc/sssd/sssd.conf" or a configuration file in "/etc/sssd/conf.d" and add or edit the following line just below the line [pam]:

offline_credentials_expiration = 1