Feature Request: Option to disable Pin Caching for user

Question

Feature Request: Option to disable Pin Caching for user

PalmEmanuel opened this issue 10 months ago · 7 comments

Feature Request

In a corporate environment we have the need to disallow the feature "Force PIN Caching" for users who utilize PuTTY CAC. We would like the ability to block users from being able to use the feature completely because of security reasons, as a system-wide setting for machines that install PuTTY CAC.

Feature we would like to hide / disable:

Suggested Implementation

PuTTY CAC could look for a specific registry key in the machine hive (to ensure non-admin users cannot change it), for example HKEY:/LocalMachine/Software/SimonTatham/PuTTY DisablePinCaching DWORD 1.

This would effectively make PuTTY CAC ignore the following registry value in the user registry hive and treat it as being 0:

If it's more convenient for you, we would be happy to submit a PR for it.

Answer 1 · 2024-01-29T04:27:24.000Z

@PalmEmanuel Could you try this build and let me know if you it works well for you? It should allow you to override any of the DWORD values using the same-named version under HKLM (with whatever value you wanted it forced to).

puttycac-0.80-enforced-test.zip

Answer 2 · 2024-01-29T14:45:29.000Z

It works well, thank you so much for such a quick implementation! 🙏🌟

Answer 3 · 2024-01-29T16:57:37.000Z

Great! I do see one change I need to make so please do not distribute this until we do an official release.

Answer 4 · 2024-01-29T16:58:30.000Z

Understood, thanks again! 👍

Answer 5 · 2024-04-15T23:26:39.000Z

@PalmEmanuel Can you re-test this change in this prerelease?

https://github.com/NoMoreFood/putty-cac/releases/tag/0.81

Answer 6 · 2024-04-16T10:36:34.000Z

I'll try it out and get back to you, thanks!

Answer 7 · 2024-04-17T13:53:50.000Z

Yep it works, thanks again! Looking forward to the release.