Re: Authentication Caching
- From: "David" <dcraige27**@**verizon**dot**net>
- Date: Thu, 13 Nov 2008 10:33:58 -0500
The answer to your question regarding Windows 2003 DC caching the previous password is no. Once the password is changed in active directory, AD will go by the current password for any application that queries AD for authentication.
It sounds like an issue with the Linux or Apache config. If you have the LDAP cache on the linux/Apache machine set for 600s, does it accept your new password after 10 minutes?
You might need to post this question to an Apache or Linux list.
Good luck.
--
Take care,
David
http://dcraige27.blogspot.com
"Adrian Marsh (NNTP)" <adrian.marsh@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:#Bksr4ORJHA.1908@xxxxxxxxxxxxxxxxxxxxxxx
Hi All,
I need to check something very basic. When using a 2003 DC for Authentication, does the system allow a setting for permitting the last password as "good" for a period of time?
Heres why, I have Apache on a linux machine authenticating users via LDAP. Its set to cache for 600s, so I dont overload the server unnecassarily.
However, if I change my password on my PC, close my browser, and log back in, and then goto the site, I get prompted (new session) by Apache. If I enter my old password, it still gets the "ok" from the DC and allows me access. Which isnt what I expected or wanted. If I close the browser, repeat and use the new password, it also authenticates ok. Using any other passwords fail.
So is there a cache somewhere on the LDAP service in the DC ?
Thanks,
Adrian
.
- Follow-Ups:
- Re: Authentication Caching
- From: Adrian Marsh (NNTP)
- Re: Authentication Caching
- References:
- Authentication Caching
- From: Adrian Marsh (NNTP)
- Authentication Caching
- Prev by Date: Re: Start Menu and Desktop not available for off-line users
- Next by Date: Moving KMS to a new box
- Previous by thread: Authentication Caching
- Next by thread: Re: Authentication Caching
- Index(es):
Relevant Pages
|
