cloudstack-users mailing list archives

From Rajani Karuturi <raj...@apache.org>
Subject Re: Authentication with old LDAP passwords
Date Tue, 27 Oct 2015 05:55:02 GMT
ACS doesn't cache passwords. Every time, the authentication request goes to
the LDAP server.
In case of Microsoft AD, this is an AD feature. It allows authentication for
a certain period of time. Default lifetime period for an old password is 60
minutes.
More details at https://support.microsoft.com/en-us/kb/906305

~Rajani

On Mon, Oct 26, 2015 at 8:00 PM, Rene Moser <mail@renemoser.net> wrote:

> ACS 4.5.1
>
> Hi
>
> We discovered an issue which can be security relevant and may also exist
> in 4.6.
>
> We use LDAP for user authentication. Once a user is authenticated, it
> seems this password will be cached on cloudstack management.
>
> If the password has been changed on LDAP, the old password(s) still
> work for authentication unless you restart the management server.
>
> We didn't find a global setting related to this. Is this wanted?
>
> Otherwise I would create a bug report.
>
> Yours
> René
