mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-28 14:11:10 +01:00
Code Issues Projects Releases Wiki Activity

changes from feedback

Browse Source
This commit is contained in:
Becca Petrin 2019-04-26 16:31:11 -07:00
parent a88b4a76c5
commit 1f880f85a5
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
website/source/api/secret/ad/index.html.md
View File

@ -48,11 +48,12 @@ text that fulfills those requirements. `{{PASSWORD}}` must appear exactly once a
### Other parameters
* `last_rotation_tolerance` (string, optional) - Active Directory often shows a "pwdLastSet" time after Vault's because it takes
* `last_rotation_tolerance` (string, optional) - Tolerance duration to use when checking the last rotation time.
Active Directory often shows a "pwdLastSet" time after Vault's because it takes
a while for password updates to be propagated across a large cluster. By default, if Active Directory's last rotation time is
within 5 seconds of Vault's, Vault considers itself to have been the last entity that rotated the password. However, if it's been
more than 5 seconds, Vault thinks that something rotated the password out-of-band, and re-rotates it so it will "know" it and be
able to continue returning it. This may be too high for larger Active Directory clusters, and too low for smaller ones.
able to continue returning it. This may be too low for larger Active Directory clusters, and too high for smaller ones.
## Config management