Tony wrote:
>
> I (sometimes, depends on my current mood) find it a bit inconvenient too.
> But sometimes I use this [mis]feature as a time reminder.
>
> Now seriously: I believe this must be controllable|configurable. In my
> case I deliberately switched off all the caching in the Aladdin's token
> manager software. I believe if I turn this caching on I will not see these
> hourly PIN|passphrase requests. I'm yet to try this, though.
>

Certainly my experience with SecurID cards with other network products (e.g. Cisco VPN client) is that the OTK check only occurs *once* - then you are authenticated for the length of your session - whether it be 10 minutes or 10 weeks.

There is a downside of course. If the user is logged in, and then you FIRE THEM and disable their SecurID card - their VPN session keeps working - as they don't have to reverify themselves. Of course, that sort of corner-case is easily dealt with via a manual session disconnect/restart the server.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users