Additions to the section "Security Cache Mode" in the DSM Documentation.
When security cache mode is enabled, the host computer saves each validated user's details in a cache file. If the domain manager is unavailable (for example, if the server is down), the host searches the cache for the user attempting to connect. If the user exists in the cache, that is, the user has previously connected successfully, the user is validated directly against the Windows NT domain and connected.
Security caching works in conjunction with fail safe mode. By default, security cache mode is enabled. This mode is controlled by the Enable security cache host configuration policy.
Further to the information above, which can be found in the DSM Documentation, it is worth noting that The cache length is hard-coded to 10. After this it will overwrite from position 1.
The cache does not contain passwords. It only contains user names, and associated permissions, i.e. a list of people that have in the past been allowed to connect.
If the RC Manager is not contactable the cache list is used but the password must still be authenticated by the AD (or NT) Domain Controller.
The cache file is called rcfs.cache.
It's in the Application Data folder for the system account.
If the AD Domain Controller is also not contactable, then using the Failsafe option will allow connection to the machine by dropping the authentication to be Local. So an account must be entered in the Access Control List, that can be used if this happens.