Microsoft KB Archive/840582

= BUG: The User-Password TTL configuration parameter for the Siteauth.dll component does not work correctly =

Article ID: 840582

Article Last Modified on 5/21/2007

-

APPLIES TO


 * Microsoft Commerce Server 2002 Standard Edition
 * Microsoft Commerce Server 2002 Service Pack 2

-





SUMMARY
''When you use the Microsoft Commerce Server 2000 or the Microsoft Commerce Server 2002 Authentication Filter with Windows authentication, the Active Directory directory service or local Windows account settings do not take effect. Upon disabling an account, the Siteauth.dll component does not appear to honor user-password TTL.''



SYMPTOMS
You can still log on with a disabled account, you may be able to use a previous password, or other user account settings do not reflect the most current data when you use the Commerce Server 2000 or the Commerce Server 2002 Authentication Filter with Windows authentication.



CAUSE
This problem occurs because Microsoft Internet Information Services (IIS) security token cache settings are incorrect.



RESOLUTION
To resolve this problem, follow these steps:  Set the  registry parameter to a low value. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

152526 Changing the default interval for user tokens in IIS

 Configure the CS Authentication Resource properties. To do this, follow these steps:  Expand Commerce Server Manager, and then click Global Resources. In the right pane, right-click CS Authentication resource, where  is the name of the site that you are configuring, and then click Properties. The CS Authentication Properties dialog box appears. In the Properties box, click the User-Password TTL property. In the Selected Property Value box, type a low value such as 5 (minutes), and then click OK.</ol> </li></ol>

<div class="status_section">

STATUS
This behavior is by design.

<div class="moreinformation_section">

MORE INFORMATION
For more information about how to configure UserTokenTTL, click the following article number to view the article in the Microsoft Knowledge Base:

152526 Changing the default interval for user tokens in IIS

For more information, visit the following Microsoft Developer Network (MSDN) Web site:

Configuring the CS Authentication resource

http://msdn2.microsoft.com/en-us/library/ms943820.aspx

Note The  regustry parameter will only be used for CS Windows authentication, and the authfltr filer must be in use. If the authfltr filer is not used, this parameter will not be recognized, and the password cache configuration will not be affected by the parameter.

Keywords: kbfix kbqfe kbbug KB840582

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.