SLES-12-010670 - If Network Security Services (NSS) is being used by the SUSE operating system it must prohibit the use of cached authentications after one day.

Information

If cached authentication information is out of date, the validity of the authentication information may be questionable.

Solution

Configure NSS, if used by the SUSE operating system, to prohibit the use of cached authentications after one day.

Add or change the following line in '/etc/sssd/sssd.conf' just below the line '[nss]':

memcache_timeout = 86400

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_12_V2R13_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(13), CAT|II, CCI|CCI-002007, Rule-ID|SV-217166r854094_rule, STIG-ID|SLES-12-010670, STIG-Legacy|SV-91879, STIG-Legacy|V-77183, Vuln-ID|V-217166

Plugin: Unix

Control ID: 8c0c11c7a9818f4be0520eb4e19b6b86a84794c42900a83e35e57584321c6c76