ACS doesn't cache passwords. Every time, the authentication request goes to the LDAP server. In the case of Microsoft AD, this is an AD feature. It allows authentication for a certain period of time. The default lifetime period for an old password is 60 minutes. More details at https://support.microsoft.com/en-us/kb/906305

~Rajani

On Mon, Oct 26, 2015 at 8:00 PM, Rene Moser <[email protected]> wrote:

> ACS 4.5.1
>
> Hi
>
> We discovered an issue which can be security relevant and may also exist
> in 4.6.
>
> We use LDAP for user authentication, once a user is authenticated, it
> seems this password will be cached on cloudstack management.
>
> If the password has been changed on LDAP, the old password(s) still
> works for authentication unless you restart the management server.
>
> We didn't find a global setting related to this. Is this wanted?
>
> Otherwise I would create a bug report.
>
> Yours
> René
