Authentication Settings

In Authentication Settings of Global Properties> Remote Access> Endpoint Connect, you can enable a password cache and define timeouts for password retention and re-authentication.

To configure authentication settings:

• Enable password caching

  • No (default) requires users to enter a password whenever they connect.

  • Yesretains the user password in a cache for a specified period.

• Cache password for - Password retention period in minutes (default = 1440), if password caching is enabled.

Note - For security reasons, the cache is cleared when the user explicitly disconnects, even if the cache period has not ended. The cache is useful for re-authentications and automatic connections triggered by the Always-Connect feature.

• Re-authenticate - Authentication timeout in minutes (default is 480 minutes), after which users must re-authenticate the current connection.

  By default the re-authentication warning shows five minutes before the authentication timeout expires. To change the time, use the reauth_grace_period parameter in the file on the Security Gateway or in the trac.defaults (refer to The Configuration File):

  trac_client_1.ttm

  Copy

  :reauth_grace_period (
      :gateway (
          :default (10)
      )
  ) 

  trac.defaults

  reauth_grace_period

  INT

  10

  GW_USER

  0

  The Re-authentication warning window does not show:

  • Earlier that two minutes from the VPN session start

  • Later than five minutes before the VPN session ends

  If the administrator defines incorrect values, the default "five minutes" is used.

Caching and OneCheck User Settings - In SmartEndpoint-managed clients, if you have OneCheck User Settings enabled, see the OneCheck User Settings in the Endpoint Security Administration Guide.