We have a perl-based site that has a secure chat capability. I've been able
to edit the general IIS timeout, and the CGI timeout to acceptable values.
Now the site requires the user to log in every 10 minutes. Our users want to
be able to monitor the traffic w/o interaction for extended periods.

I suspect that the metabase default parameter PasswordCacheTTL is the
culprit (the default value of this parameter is 600 seconds which is the time
interval of the login requirement).

How do I change this value to a greater delay? BTW, the Microsoft
documentation suggests that this parameter is present in the W3SVC section of
the metabase: It is not. It appears only in the default values.

The sample perl scripts on the MS site do not work.

Any suggestions or other ideas? IIS is configured with Digest
authentication in an AD environment, Windows 2003 server. Please respond to
this forum and to ted@ki5u.net.

Thanks, I'm stumped. Please be specific.

Ted

Re: IIS 6 timeout on secure site by David

David
Thu May 04 02:44:34 CDT 2006

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/5e7f8cde-4a01-42bd-acaf-f8f7d091ef7c.asp

cscript %SYSTEMDRIVE%\Inetpub\adminscripts\ADSUTIL.VBS SET W3SVC/1/PasswordCacheTTL <value>

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8a7b01c9-1c92-43d4-90bd-88f2bcc9d0f6.mspx?mfr=true

The documentation says what the default value is and where in the metabase
it can set it. Should be self-explanatory as to what to do.

In general, just realize the consequences of your choices.

Increasing the time period of password cache also means that if a user changes
their password, the old password stays stale for a similarly long period. IIS does
not get change-notification of password change so it cannot dynamically
invalidate the cache entry.

This is all Classic Cache Design principles and tradeoffs; just reminding
you of the facts.

Similarly, increasing connection and CGI timeout may allow an application to
stay running longer, but it also allows bad guys to maliciously consume server
resources for a longer period, as well as let errors take longer to be
discovered.

In general, classic HTTP does not work well for your application
requirements. The application has to employ hacks to have things work, and
that may/not always work nor be good for server
performance/stability/security.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
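
Added example (not part of the original posts, and not IIS code): a toy model of the cache trade-off described in the reply above, where a credential cache that receives no change notification keeps accepting the old password until its entry expires. The class and function names are hypothetical, the account is constructed, and absolute (non-sliding) expiry is an assumption.

```python
import hashlib

class Directory:
    """Stand-in for the account store; only it learns of password changes."""
    def __init__(self, passwords):
        self.passwords = dict(passwords)

    def verify(self, user, password):
        return self.passwords.get(user) == password

class CachingAuthenticator:
    """Remembers successful logons for ttl seconds (assumed absolute expiry)."""
    def __init__(self, directory, ttl):
        self.directory, self.ttl = directory, ttl
        self.cache = {}  # (user, password digest) -> expiry time in seconds

    def logon(self, user, password, now):
        key = (user, hashlib.sha256(password.encode()).hexdigest())
        if now < self.cache.get(key, 0):
            return True  # cache hit: the directory is never consulted
        self.cache.pop(key, None)  # expired or absent
        if self.directory.verify(user, password):
            self.cache[key] = now + self.ttl
            return True
        return False

def simulate(ttl, changed_at, step=10):
    """Return (new password accepted at change time, first time old one is refused)."""
    directory = Directory({"ted": "old-secret"})   # constructed sample account
    auth = CachingAuthenticator(directory, ttl)
    auth.logon("ted", "old-secret", now=0)         # entry cached at t=0
    directory.passwords["ted"] = "new-secret"      # change; the cache is not told
    new_ok = auth.logon("ted", "new-secret", now=changed_at)
    t = changed_at
    while auth.logon("ted", "old-secret", now=t):  # retry the old password
        t += step
    return new_ok, t

if __name__ == "__main__":
    for ttl in (0, 600, 3600):  # 600 is the default quoted in the thread
        new_ok, refused_at = simulate(ttl, changed_at=60)
        print(f"ttl={ttl:>4}s  new password ok={new_ok}  "
              f"old password refused from t={refused_at}s")
```
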

Re: IIS 6 timeout on secure site by TedMac

TedMac
Wed May 10 11:12:02 CDT 2006

Thanks David,

I successfully set the PasswordCacheTTL parameter for this server, however,
the site still requires the user to log in every 10 minutes. There must be
another timer somewhere. Here's more detail.

The user must log in to a password-protected site using https. There is a
page the user can enter to communicate with other users in chat mode. In
order that all users may see what is posted, each login is refreshed every 20
seconds using the META http-equiv=REFRESH content='20' statement for the chat
frame (other frames are not refreshed). This is a Perl-based site.

This script worked properly in W2K Server and IIS 5. I've reviewed the IIS
6 settings, and tried changing the standard timeout, the CGItimeout, and now
the PasswordTTL. There must be another 600 second timer somewhere, as that's
what we measure for the login interval.

Can you point me in the correct direction?

Thank you,

Ted

