Change the Cached Password Expiry Associated with External Authentication
The Cached Password Expiry setting is designed to help you avoid slight delays when logging on. The delays may occur when using External Authentication as the log on details in Geo SCADA Expert have to be compared to the corresponding Windows or LDAP User Profile. This verification requires Geo SCADA Expert to communicate with the Windows server or LDAP (Lightweight Directory Access Protocol) server (an LDAP server is also called a 'Directory System Agent' (DSA)). Depending on the speed of your network connections and the PCs being used, this can cause a short delay as Geo SCADA Expert has to negotiate encryption and the Windows/LDAP server has to check whether the user details and password match those of the corresponding User Profile in Windows/LDAP. Typically, such delays are a matter of milliseconds.
With External Authentication, every connection from a client (such as ViewX) to Geo SCADA Expert has to be verified with the Windows/LDAP server. Communicating with the Windows/LDAP Server for every connection can introduce unnecessary delays, so to avoid these delays, Geo SCADA Expert uses a cache.
Any changes that are made to a user account are only applied within Geo SCADA Expert after the Cached Password Expiry time has elapsed.
For added security, the verified user details and password are only stored in the cache for a set amount of time, defined by the Cached Password Expiry setting. If Geo SCADA Expert only used the cached details until the user logged off, any changes to the user account would not be applied until the user logged off. For example, if an IT administrator wanted to disable a user account through Windows/LDAP, and that user was already logged on, the account would not be disabled until the user logged off. The Cached Password Expiry feature means Geo SCADA Expert can avoid this situation by clearing the cache at regular intervals.
By default, the Cached Password Expiry is 150 seconds. You may have to increase this amount if you are experiencing small delays when logging on or displaying Mimics, Lists, and so on. However, if you do increase the Cache Password Expiry time, be aware that any changes to user accounts will not take effect until after the expiry time has elapsed.
If the user account changes you make in Windows/LDAP are taking too long to be applied to the corresponding Geo SCADA Expert user accounts, you may need to reduce the Cache Password Expiry time.
To change the Cache Password Expiry time:
- Display the Server Configuration Tool and log on if required.
- Expand the System Configuration branch.
- Select the External Authentication entry.
- In the Cached Password Expiry field, enter the required number of seconds. The default amount is 150.
- You can extend the Cached Password Expiry time if the connection to the Windows/LDAP server fails. To do this, enter a value in the Connection Failure Cached Password Expiry field that is at least as much as the Cached Password Expiry value. For example, if the Cached Password Expiry value is 150 seconds, enter a value of 150 seconds or higher. To disable this feature, enter a value of 0 seconds in the Connection Failure Cached Password Expiry field. The default value is 0 seconds. (If the feature is disabled, users will only be able to log on to Geo SCADA Expert via ViewX or Virtual ViewX when Geo SCADA Expert is able to establish a valid connection to the Windows/LDAP server and establish that the user's credentials are valid.)
- Apply the changes to the server.
Further Information
Setting Up Security for Virtual ViewX and Original WebX Clients.