Two-Step Authentication Cache

Client two-step authentication cache

Two cache modes are supported: the OpenVPN cache and the Pritunl Client cache. The OpenVPN mode will cache secondary authentication on all OpenVPN clients, including the Pritunl Client. This allows clients to reconnect to the server without two-step authentication when a connection is lost. The cache uses several variables to determine that the client is the same. These include the client's public IP address, MAC address, random device ID, random device name and the two-factor passcode.

The Pritunl Client mode is a two-day authentication cache that only supports the Pritunl Client. It uses an authentication token that is held only in memory by the client background service process. If the client background service is closed or the computer is rebooted, the token is lost, as it is never written to the computer's disk. This allows reconnecting without secondary authentication for two days.

Disable Cache

The commands below disable both authentication caches.

pritunl set app.sso_cache false
pritunl set app.sso_client_cache false

Timeouts

The timeout for each two-step authentication cache can be set in seconds using the commands below.

pritunl set app.sso_cache_timeout 28800
pritunl set app.sso_client_cache_timeout 172800
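
The following is an added illustration, not Pritunl's own code: a simplified model of how a cache like the OpenVPN mode described above can bind a cached two-step authentication to the listed client attributes and expire it after the timeout. The class and function names, the user_id field, the HMAC key derivation and the sample values are all assumptions made for the example.

```python
import hashlib
import hmac
import time

SSO_CACHE_TIMEOUT = 28800  # seconds, the app.sso_cache_timeout value shown above


def cache_key(secret, user_id, public_ip, mac_addr, device_id, device_name, passcode):
    """Derive one opaque key from every attribute that must match on reconnect."""
    fields = [user_id, public_ip, mac_addr, device_id, device_name, passcode]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    # Keyed hash: the passcode itself is never stored in the cache.
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class TwoStepCache:
    """Hypothetical server-side cache; 'clock' is injectable for testing."""

    def __init__(self, secret, timeout=SSO_CACHE_TIMEOUT, clock=time.time):
        self._secret = secret
        self._timeout = timeout
        self._clock = clock
        self._entries = {}  # cache key -> expiry timestamp

    def remember(self, **client):
        """Record a client after it has passed two-step authentication."""
        self._entries[cache_key(self._secret, **client)] = self._clock() + self._timeout

    def can_skip_two_step(self, **client):
        """True only if an unexpired entry matches every attribute."""
        key = cache_key(self._secret, **client)
        expiry = self._entries.get(key)
        if expiry is None:
            return False  # any changed attribute yields a different key
        if self._clock() >= expiry:
            del self._entries[key]  # expired: require the second factor again
            return False
        return True


# Constructed sample client (documentation-range IP, made-up identifiers).
SAMPLE = dict(user_id="alice", public_ip="203.0.113.10", mac_addr="02:00:00:aa:bb:cc",
              device_id="d3adb33f", device_name="laptop-1", passcode="123456")
```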