Index: cram.install
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cram/cram.install,v
retrieving revision 1.2.2.6
diff -u -p -r1.2.2.6 cram.install
--- cram.install	7 Mar 2008 06:22:27 -0000	1.2.2.6
+++ cram.install	7 Mar 2008 17:53:20 -0000
@@ -27,6 +27,7 @@ function cram_install() {
 function cram_uninstall() {
   db_query('DROP TABLE {cram_nonce}');
   variable_del('cram_default_enabled');
+  variable_del('cram_nonce_ttl');
 }
 
 function cram_update_1() {
Index: cram.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cram/cram.module,v
retrieving revision 1.7.2.3
diff -u -p -r1.7.2.3 cram.module
--- cram.module	6 Mar 2008 22:55:16 -0000	1.7.2.3
+++ cram.module	7 Mar 2008 17:53:20 -0000
@@ -1,6 +1,8 @@
 <?php
 // $Id: cram.module,v 1.7.2.3 2008/03/06 22:55:16 freso Exp $
 
+define('CRAM_NONCE_TTL', variable_get('cram_nonce_ttl', 300));
+
 /**
  * Implementation of hook_menu().
  */
@@ -32,10 +34,33 @@ function cram_admin_settings() {
     '#default_value' => variable_get('cram_default_enabled', 0),
     '#options' => array(t('Default to insecure login'), t('Default to CRAM login')),
   );
+  $form['cram_nonce_ttl'] = array(
+    '#type' => 'select',
+    '#title' => t('Nonce TTL'),
+    '#options' => _cram_nonce_ttl_options(array(1, 2, 5, 10, 15, 30)),
+    '#default_value' => CRAM_NONCE_TTL,
+    '#description' => t('How long issued nonces should live before expiring.'),
+  );
   return system_settings_form($form);
 }
 
 /**
+ * Helper function to define the options for Nonce TTL
+ *
+ * @param $options
+ *   An array of which minute numbers should be possible to select.
+ * @return
+ *   An array usable for $form['foo']['#options']
+ */
+function _cram_nonce_ttl_options($options) {
+  $ret = array();
+  foreach ($options as $minute) {
+    $ret[60*$minute] = format_plural($minute, '1 minute', '@count minutes');
+  }
+  return $ret;
+}
+
+/**
  * Implementation of hook_auth().
  */
 function cram_auth($username, $pass, $server) {
@@ -48,7 +73,7 @@ function cram_auth($username, $pass, $se
   // check to see if we have a valid nonce
   $query = 'SELECT nonce, issued, valid FROM {cram_nonce} '.
            "WHERE nonce='%s' AND issued='%d' AND issued > '%d' AND valid <> 0";
-  if (db_num_rows(db_query($query, $nonce_array[0], $nonce_array[1], time()-60)) == 0) {
+  if (db_num_rows(db_query($query, $nonce_array[0], $nonce_array[1], time()-CRAM_NONCE_TTL)) == 0) {
     return FALSE;
   }
 
@@ -117,7 +142,7 @@ function cram_get_nonce() {
  * Implementation of hook_cron().
  */
 function cram_cron() {
-  db_query("DELETE FROM {cram_nonce} WHERE issued < '%d'", time()-60);
+  db_query("DELETE FROM {cram_nonce} WHERE issued < '%d'", time()-CRAM_NONCE_TTL);
 }
 
 /**