Show Contents / Index / Search

Credential Cache Pane

Getting there

You can use cached credentials to manage access to network resources. Credentials are stored in an encrypted file in the Reflection for Secure IT data folder.

To add credentials to the cache you can:

  • Configure the server to record Windows credentials when users log in.
  • Manually add user credentials to the cache.

     

You can use cached credentials for any or all of the following:

  • User authentication

    This option is relevant only if users log into the server without using their Windows credentials (for example using public key authentication). Cached credentials provide these users with access to remote resources using their own Windows credentials. Without using cached credentials, users who log in with public key authentication have access to folders on local drives, but don't have access to network resources. For more information, see Record and Use Cached Credentials.

  • Mapped drives and SFTP accessible directories

    This option allows you to provide access to mapped drives and file transfer directories that wouldn't be available to a user based on that user's own Windows account privileges.

  • Domain access

    This option allows you to specify a Windows account that the server can use when it queries Windows Active Directory for user attributes and group membership. For more information, see Domain Access Pane.

 

The options are:

 

Record credentials in the cache when users log in

 

 

When this item is selected:

 

  • If a user authenticates using a Windows password, this credential is added to the cache.
  • If a user is configured to authenticate using public key authentication (or any other method that doesn't require entering Windows credentials) and there's no credential for that user in the cache, the server authenticates the user the first time by requesting a password and then adds this credential to the cache. On subsequent logins, the server authenticates the user with the public key (or other method).
  • If a user uploads a public key to the server using the Reflection for Secure IT Windows client upload utility and is prompted for a password during the upload, the credential is added to the cache at that time.

     

 

Use credentials in the cache for authentication

 

 

When this item is selected, users who authenticate using public keys (or any other authentication method that doesn't require entering Windows credentials) have access to domain resources using their own cached credentials.

Note: To enable Use credentials in the cache for authentication, you must select Record credentials in the cache when users log in. This is by design, and enables the server to update cached passwords when a password change is required.

 

Cache contents

 

Filters

Opens the Filters dialog box, which you can use to configure which credentials are listed.

You can use a filtered view to manage your stored credentials. For example, if you want to remove all credentials last used before a specified date, you can set that filter, then remove all items in the filtered list.

 

Refresh

Refresh the display to match the current contents of the cache. (The display is also updated automatically when you launch the console, open this pane, or make edits to the cache contents.)

 

Current filter

The default is All credentials. Click Filters to change this filter. You can filter the list based on allowed uses and/or the last used date.

 

User

Shows the user account name in domain\user format.

 

Last used

Shows the date this account was last used for user authentication.

Note: The Last Used date is updated when a user logs in when Use credentials in the cache for authentication is selected. It is not updated when a credential is used for mapped drives, SFTP directories, or domain access.

 

Allowed uses

Authentication
The credential can be used to provide the user with access to remote domain resources using his or her own access rights (Use credentials in the cache for authentication is selected).

SFTP Directories/Drive mapping
The credential can be used for SFTP accessible directories and mapped drives.

Domain access
The credential can be used by the server when it makes queries to Active Directory.

Related Topics

Record and Use Cached Credentials

Understanding How Credentials Affect User Access to Resources

Files Used by Reflection for Secure IT