
The Photon operating system must prohibit the use of cached authenticators after one day.


Overview

Finding ID: V-239137
Version: PHTN-67-000066
Rule ID: SV-239137r675219_rule
IA Controls:
Severity: Medium
Description
If cached authentication information is out of date, the validity of the authentication information may be questionable.
STIG: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide
Date: 2022-06-17

Details

Check Text (C-42348r675217_chk)
At the command line, execute the following command:

# /opt/likewise/bin/lwregshell list_values "HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory"|grep "CacheEntryExpiry"

If the value returned is not 14400 or less, this is a finding.
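
The check above can be scripted so that a missing value is also reported as a finding. This is an added example, not part of the STIG. It assumes lwregshell prints the value line with the decimal value in trailing parentheses; the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: evaluate the CacheEntryExpiry check from lwregshell output.
# Assumption: the value line ends with the decimal value in parentheses.

MAX_EXPIRY=14400   # threshold from the check text

# Constructed sample lines (not captured from a real host).
SAMPLE_OK='+  "CacheEntryExpiry"    REG_DWORD       0x00003840 (14400)'
SAMPLE_BAD='+  "CacheEntryExpiry"    REG_DWORD       0x00015180 (86400)'

# Print the decimal CacheEntryExpiry value found in the text, or nothing.
parse_cache_expiry() {
    printf '%s\n' "$1" |
        sed -n 's/.*"CacheEntryExpiry".*(\([0-9][0-9]*\))[[:space:]]*$/\1/p' |
        head -n 1
}

# Print PASS or FINDING with the reason; return 0 only when compliant.
evaluate_cache_expiry() {
    value=$(parse_cache_expiry "$1")
    if [ -z "$value" ]; then
        # grep returned nothing, or the line could not be parsed
        echo "FINDING: CacheEntryExpiry not set or not parseable"
        return 1
    fi
    if [ "$value" -le "$MAX_EXPIRY" ]; then
        echo "PASS: CacheEntryExpiry=$value"
        return 0
    fi
    echo "FINDING: CacheEntryExpiry=$value exceeds $MAX_EXPIRY"
    return 1
}

# Demo on the constructed samples.
evaluate_cache_expiry "$SAMPLE_OK" || true
evaluate_cache_expiry "$SAMPLE_BAD" || true

# On a host, pass the output of the check command instead:
#   evaluate_cache_expiry "$(/opt/likewise/bin/lwregshell list_values \
#     "HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory" \
#     | grep "CacheEntryExpiry")"
```
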
Fix Text (F-42307r675218_fix)
At the command line, execute the following command:

# /opt/likewise/bin/lwregshell set_value "[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]" CacheEntryExpiry 14400