From: John Alton Tamplin (no email)
Date: Thu Jan 09 2003 - 16:30:01 EST
Paul M Fleming wrote:
>Timing out the passwords is simple ( I think ) I would store the time
>when the entry is added and force a reauth if the password has been
>cached longer than a timeout (for example one hour ). That forces a
>reauth at least every timeout period of time. If an entry isn't in the
>cache (or if it is different the entry would be removed and ) a reauth
>would be forced. Every successfull auth would be added to the cache.
>
>
Also, if the authentication against the cached entry fails it should be
refreshed and tried against the new one, so that if the user changes
their password the caching is transparent.
-- John A. Tamplin Unix System Administrator Emory University, School of Public Health +1 404/727-9931
|
|
|