Disable all caching of passwords on Linux hosts
03-16-2012 01:26 PM
I recently changed my password in Active Directory. When I try to login from a Linux (Centos 5.7) system with Centrify Express, I get access denied with the new password. The old one works fine.?!
From a security perspective, I don't want passwords cached at all which I think will fix both of these issues.
I've tried changing a parameter in /etc/centrify/centrifydc.conf (adclient.cache.object.lifetime from 0 to 1) and restarted centrifydc and ran adflush. Still no change.
Solved! Go to Solution.
03-16-2012 03:03 PM
We only cache password hash for offline use only, as long as the machine has connectivity and able to talk to Domain Controllers this situation should not arise. Is your machine in disconnected mode ? What does adinfo say ? Does this happen very frequently across several machines in your environment.
Would you be able to generate a debug log with this scenarion and send it to me at email@example.com