difference between mavis cache timeout and mavis noauthcache
#160
Hi, Looking for some clarification on the following settings
Cache MAVIS authentication data for s seconds. If s is set to a value smaller than 11, the dynamic user object is valid for the current TACACS+ session only. Default is 120 seconds.
Disables password caching for MAVIS modules. What constitutes Thanks!
Hi,
a user object summarizes authentication data and authorization data for a user. Authentication data is mostly passwords, and the "noauthcache" option will keep the daemon from caching and re-using passwords confirmed by the MAVIS backend.
The "cache timeout" option can be used if you need to skip (or limit) caching all data that may be found in a MAVIS-derived user object. This can be useful if the information a (likely custom) MAVIS backend returns for a user doesn't cover all user roles but is generated individually per request, e.g. by basing group memberships on device IP address.
Cheers,
Marc
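
The difference described in the reply above, as an added toy model in Python (not tac_plus-ng code and not from the thread). Class names, the sample user, password and IP addresses are constructed, and reusing the cached group while re-checking the password under noauthcache is an assumption drawn from the reply's wording.

```python
class Backend:
    """Stand-in for a custom MAVIS backend (constructed data, not a real module)."""
    def __init__(self):
        self.calls = 0

    def lookup(self, user, password, device_ip):
        self.calls += 1
        ok = (user, password) == ("alice", "s3cret")
        # Per-request result, as in the reply: group depends on the device IP.
        group = "admin" if device_ip.startswith("10.0.") else "readonly"
        return ok, group


class Daemon:
    """Toy model of the user-object cache; all names here are hypothetical."""
    def __init__(self, backend, cache_timeout=120, noauthcache=False):
        self.backend, self.timeout, self.noauthcache = backend, cache_timeout, noauthcache
        self.cache = {}   # user -> (expires, password or None, group)
        self.now = 0      # fake clock in seconds, advanced by the caller

    def login(self, user, password, device_ip):
        entry = self.cache.get(user)
        if entry and entry[0] > self.now:
            _, cached_pw, group = entry
            if cached_pw is None:
                # noauthcache: password goes back to the backend every time,
                # the rest of the user object is still cached (assumption).
                ok, _ = self.backend.lookup(user, password, device_ip)
                return ok, (group if ok else None)
            if cached_pw == password:
                return True, group   # password and group both reused
        ok, group = self.backend.lookup(user, password, device_ip)
        if ok and self.timeout >= 11:   # below 11: nothing kept across sessions
            pw = None if self.noauthcache else password
            self.cache[user] = (self.now + self.timeout, pw, group)
        return ok, (group if ok else None)


def scenario(**opts):
    """Log in from 10.0.0.1, then 30 s later from 192.0.2.7 (constructed IPs).
    Returns (first group, second group, number of backend lookups)."""
    backend = Backend()
    daemon = Daemon(backend, **opts)
    _, first = daemon.login("alice", "s3cret", "10.0.0.1")
    daemon.now += 30
    _, second = daemon.login("alice", "s3cret", "192.0.2.7")
    return first, second, backend.calls
```

In this model only the short cache timeout makes the second login pick up the group that matches the second device; noauthcache alone sends the password back to the backend but keeps the cached group.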