Detections
Analytics

1.193 OL08-00-020290

Information

OL 8 must prohibit the use of cached authentications after one day.

GROUP ID: V-248710
RULE ID: SV-248710r958828

If cached authentication information is out of date, the validity of the authentication information may be questionable.

OL 8 includes multiple options for configuring authentication, but this requirement will focus on the System Security Services Daemon (SSSD). By default, SSSD does not cache credentials.

Solution

Configure the SSSD to prohibit the use of cached authentications after one day.

Add or change the following line in "/etc/sssd/sssd.conf" just below the line "[pam]".

offline_credentials_expiration = 1

See Also

https://workbench.cisecurity.org/benchmarks/23791

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(13), CAT|II, CCI|CCI-002007, Rule-ID|SV-248710r958828_rule, STIG-ID|OL08-00-020290, Vuln-ID|V-248710

Plugin: Unix

Control ID: 4fc7a37a6ef3ea791d5cf7c5c3750bb1542b8b5f30421eecdfd9b1886d2d4fda