Dear Beta Community,
our customer is using a virtual Beta Version with 9.193-11, since 2 years he uses a hardware OTP solution from pointsharp, he uses it for sslvpn on the UTM.
He needs the reverse authentication feature of the Web Application Firewall, WAF.
We did the following:
Users&Groups: We have defined one User, which is remotely authenticated.
AuthServices\Servers: a Radius Server which uses/checks against the OTP pointsharp system
Webserver Protection:
Sitepath Routing\Advanced: "sticky session cookie" and "enable hot standby" are diabled
Reverse Authentication: Fronted & Backend Mode are basic
This happens when a user log's in a second time within the session lifetime:
When the user with external OTP authentication tries to reconnect (e.g. if his webbrowser crashes) within the session lifetime limit of the WAF Profile, the UTM uses the "old" cached password. But the users uses the new password which is displayed on his hardware token. So Login fails with this error:
2014:02:10-16:15:03 utm9beta reverseproxy: [Mon Feb 10 16:15:03.429522 2014] [authn_aua:error] [pid 21865:tid 3786275696] [client x.x.x.x:49448] found cache entry for user '***' but password '***' given by client is not correct
2014:02:10-16:15:0 3 utm9beta reverseproxy: [Mon Feb 10 16:15:03.429545 2014] [auth_basic:error] [pid 21865:tid 3786275696] [client x.x.x.x:49448] AH01617: user ***: authentication failure for "/": Password Mismatch
How can I disable the caching of the password in the WAF e.g. by manually editing a config file on the ssh shell ?
Best regards,
Karsten Laskowski
