|
|
|
|
|
|
by gunapologist99
679 days ago
|
|
|
Not exactly. Yes, the certs expire, so they can't log in again, but existing sessions are not terminated. With Userify, sessions (like tmux or screen) actually get terminated within seconds when the user's access is removed. That doesn't happen at all with certificates. If someone's certificate expires, but they're still logged in, they'll stay logged in, because there is no mechanism to kill their session (and they can channel all kinds of things over their logged-in session). That's an absolute nightmare for compliance. |
|
|
Probably the best one could do out of the box is set an 8 hour session limit or so?