UBTU-18-010030 - The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day - /etc/sssd/conf.d/*

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

If cached authentication information is out-of-date, the validity of the authentication information may be questionable.

Solution

Configure Pluggable Authentication Module (PAM) to prohibit the use of cached authentications after one day. Add or change the following line in '/etc/sssd/sssd.conf' just below the line '[pam]'.

offline_credentials_expiration = 1

Note: It is valid for this configuration to be in a file with a name that ends with '.conf' and does not begin with a '.' in the /etc/sssd/conf.d/ directory instead of the /etc/sssd/sssd.conf file.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CAN_Ubuntu_18-04_LTS_V2R4_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(13), CAT|III, CCI|CCI-002007, Rule-ID|SV-219163r610963_rule, STIG-ID|UBTU-18-010030, STIG-Legacy|SV-109657, STIG-Legacy|V-100553, Vuln-ID|V-219163

Plugin: Unix

Control ID: f322412a359e0db09f495fb6bee001a4863b1fc5787554c9324fdc13203b0ba9