The Cache Password Expiry setting is designed to help you avoid slight delays when logging on. The delays may occur when using Windows User Authentication as the log on details in ClearSCADA have to be compared to the corresponding Windows User Profile, which requires ClearSCADA to communicate with the Windows Server. Depending on the speed of your network connections and the PCs being used, this can cause a short delay as ClearSCADA has to negotiate encryption and the Windows Server has to check the user details and password match those of the corresponding User Profile in Windows. Typically, such delays are a matter of milliseconds.
With Windows User Authentication, every connection from ClearSCADA to the Windows Server has to be verified. Communicating with the Windows Server for every connection can introduce unnecessary delays, so to avoid these delays, ClearSCADA uses a cache.
NOTE: Any changes that are made to a user account are only applied within ClearSCADA after the Cache Password Expiry time has elapsed.
For added security, the verified user details and password are only stored in the cache for a set amount of time, defined by the Cache Password Expiry setting. If ClearSCADA only used the cached details until the user logged off, any changes to the user account would not be applied until the user logged off. For example, if an IT administrator wanted to disable a user account through Windows, and that user was already logged on, the account would not be disabled until the user logged off. The Cache Password Expiry feature means ClearSCADA can avoid this situation by clearing the cache at regular intervals.
By default, the Cache Password Expiry is 150 seconds. You may need to increase this amount if you are experiencing small delays when logging on or displaying Mimics, Lists,and so on. However, if you do increase the Cache Password Expiry time, you need to be aware that any changes to user accounts will not take effect until after the expiry time has elapsed.
If the user account changes you make in Windows are taking too long to be applied to the corresponding ClearSCADA user accounts, you may need to reduce the Cache Password Expiry time.
To change the Cache Password Expiry time:
- Display the Server Configuration Tool and log on if required (see Accessing the ClearSCADA Server Configuration Tool in the ClearSCADA Guide to Server Administration).
- Expand the System Configuration branch.
- Select the Security entry.
- In the Windows User Authentication section, select the Enabled check box (if it is not already selected). If the check box is clear, the Windows User Authentication feature is disabled and you will not be able to define the Cache Password Expiry time.
- In the Cache Password Expiry field, enter the required number of seconds. The default amount is 150.
- Apply the changes to the server.
When you have enabled the Windows User Authentication feature, defined the Windows Domain and Cache Password Expiry settings, the Windows User Authentication process is ready to use. It is applied to every ClearSCADA user account that is configured to use Windows User Authentication.
NOTE: The Windows User Authentication feature can only authenticate user accounts in trusted domains.
Further Information
Using Windows User Authentication with ClearSCADA