{{{ oval_metadata("SSSD should be configured to expire offline credentials after 1 day.", rule_title=rule_title) }}} {{% if product in ["ol8", "ol9"] or 'rhel' in product %}} {{% endif %}} {{% if product == 'rhel8' %}} /etc/sssd/sssd.conf {{% else %}} ^\/etc\/sssd\/(sssd.conf|conf\.d\/.+\.conf)$ {{% endif %}} ^[\s]*\[pam](?:[^\n\[]*\n+)+?[\s]*offline_credentials_expiration[\s]*=[\s]*(\d+)\s*(?:#.*)?$ 1 1 {{% if product in ["ol8", "ol9"] or 'rhel' in product %}} {{% if product == 'rhel8' %}} /etc/sssd/sssd.conf {{% else %}} ^\/etc\/sssd\/(sssd.conf|conf\.d\/.+\.conf)$ {{% endif %}} ^[\s]*cache_credentials\s*=\s*(\w+)\s*(?:#.*)?$ 1 false {{% endif %}}