SSH

Password Cache

The Password Cache feature is for users who use public-key authentication to log on to Tectia Server on Windows and want to access network resources, for example, shared folders.

When enabled, the password cache stores users' passwords every time they log on to Tectia Server on Windows using password or keyboard-interactive password authentication.

When a user whose password is stored in the cache, logs on using public-key authentication, the password is taken from the cache and used for the logon. The password authentication is performed after the public-key authentication has been successfully completed. From operating system point of view, the user has been logged on using password, and this allows the user to access network resources.

The passwords are stored in encrypted format.

Tectia Server Configuration - Password Cache page

Figure 4.9. Tectia Server Configuration - Password Cache page

To view a list of user names whose passwords are stored in the cache, on the Password Cache page, click Show. To update the list, click Refresh.

To export the current password cache into an external encrypted file:

  1. Click Export. The Export Password Database dialog box opens.

    Exporting a password database

    Figure 4.10. Exporting a password database

  2. Enter the path to the Password database file you want to export the password cache to. The file must reside on a local drive. Existing files will not be overwritten, so if you enter the name of an existing file, the export will fail.

  3. Enter the Password that will be used to protect the exported password database file. Tectia enforces the use of strong passwords for the password cache export and import functions. Instead of explicit password requirements, we use a "password class" system. For example, a password that consists of eight unique characters from three different character classes or a password of eleven unique characters from two character classes are deemed strong enough. The character classes are: digits, lower-case letters, upper-case letters, and other characters. When calculating the number of different character classes, upper-case letters used as the first character and digits used as the last character of a password are ignored.

  4. Retype password: Type the password again to ensure you have not made a typing error.

  5. Click Start. The export operation starts. You will see a notification once the operation has completed.

To import a previously exported password database from an external encrypted file:

  1. Click Import. The Import Password Database dialog box opens.

    Importing a password database

    Figure 4.11. Importing a password database

  2. Enter the path to the Password database file you want to import. The file must reside on a local drive.

    [Caution]Caution

    The passwords of user names that already exist in the current password cache will be overwritten by those in the imported password database file.

  3. Enter the Password that protects the password database file you want to import.

  4. Click Start. The import operation starts.

To remove passwords from the cache, select the user name(s) from the list and click Remove. The removal cannot be undone (but the password can be cached again by logging on using password authentication).

Password cache file

The password cache must be on local file system since the Tectia Server process must have access to it. The default cache file location is <INSTALLDIR>\SSH Tectia Server\sshpwcache.db. You can freely choose any other file location and name.

You can enable or disable the password cache for each authentication rule separately. By default, the password cache is disabled. For more information, see Parameters.