Re: Authentication Caching
- From: "Adrian Marsh (NNTP)" <adrian.marsh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 13 Nov 2008 16:55:03 +0000
David wrote:
The answer to your question regarding Windows 2003 DC caching the previous password is no. Once the password is changed in active directory, AD will go by the current password for any application that queries AD for authentication.
It sounds like an issue with the Linux or Apache config. If you have the LDAP cache on the linux/Apache machine set for 600s, does it accept your new password after 10 minutes?
You might need to post this question to an Apache or Linux list.
Good luck.
Hi David,
Yes have already posted to the openldap group. I had come to the same conclusion myself. So just to be clear, theres no "remembering" old passwords (except for denying password duplication on change) for Authentication?
There is caching turned on, but even after 30mins the old passwords work fine. Even if I stop/start httpd completely. But the original (1 of 3 password switches) did stop working after about 50mins. So I'm still trying to research.
It has the same effect with a Disabled account. If I disable the account, I can still login using the old password. However if I kick Apache at this point, afterwards I cant. So its very confusing whats going on.
.
- Follow-Ups:
- Re: Authentication Caching
- From: David
- Re: Authentication Caching
- References:
- Authentication Caching
- From: Adrian Marsh (NNTP)
- Re: Authentication Caching
- From: David
- Authentication Caching
- Prev by Date: Re: RDP strangeness
- Next by Date: RE: Moving KMS to a new box
- Previous by thread: Re: Authentication Caching
- Next by thread: Re: Authentication Caching
- Index(es):
Relevant Pages
|
