diff --git a/manifests/application.pp b/manifests/application.pp
index 0262ca1..5f1d174 100644
--- a/manifests/application.pp
+++ b/manifests/application.pp
@@ -93,6 +93,9 @@
       $auxprop_package = $::sasl::auxprop_packages[$auxprop_plugin]
       ensure_packages([$auxprop_package])
       Package[$auxprop_package] -> File[$service_file]
+      if $auxprop_plugin == 'sasldb' {
+        ensure_packages([$::sasl::sasldb_package])
+      }
     }
     'saslauthd': {
       # Require saslauthd if that's the method
diff --git a/manifests/authd.pp b/manifests/authd.pp
index a7e738a..8fbd221 100644
--- a/manifests/authd.pp
+++ b/manifests/authd.pp
@@ -80,6 +80,9 @@
   String                                              $service_name            = $::sasl::params::saslauthd_service,
   Stdlib::Absolutepath                                $socket                  = $::sasl::params::saslauthd_socket,
   Boolean                                             $hasstatus               = $::sasl::params::saslauthd_hasstatus,
+  Boolean                                             $credcache               = $::sasl::params::saslauthd_credcache,
+  Optional[Integer[0]]                                $credcache_timeout       = undef,
+  Optional[Integer[0]]                                $credcache_size          = undef,
   # ldap
   Optional[Stdlib::Absolutepath]                      $ldap_conf_file          = $::sasl::params::saslauthd_ldap_conf_file,
   Optional[Enum['bind', 'custom', 'fastbind']]        $ldap_auth_method        = undef,
diff --git a/manifests/authd/config.pp b/manifests/authd/config.pp
index 6ec152c..c2bc170 100644
--- a/manifests/authd/config.pp
+++ b/manifests/authd/config.pp
@@ -4,6 +4,9 @@
   $socket                  = $::sasl::authd::socket
   $mechanism               = $::sasl::authd::mechanism
   $threads                 = $::sasl::authd::threads
+  $credcache               = $::sasl::authd::credcache
+  $credcache_timeout       = $::sasl::authd::credcache_timeout
+  $credcache_size          = $::sasl::authd::credcache_size
   $ldap_conf_file          = $::sasl::authd::ldap_conf_file
   $ldap_auth_method        = $::sasl::authd::ldap_auth_method
   $ldap_bind_dn            = $::sasl::authd::ldap_bind_dn
@@ -54,6 +57,18 @@
     default => '',
   }
 
+  if $credcache {
+    $credcache_opt = '-c'
+  }
+
+  if $credcache_timeout {
+    $credcache_timeout_opt = "-t ${credcache_timeout}"
+  }
+
+  if $credcache_size {
+    $credcache_size_opt = "-s ${credcache_size}"
+  }
+
   case $facts['os']['family'] {
     'RedHat': {
       if size($_mech_options) > 0 {
diff --git a/manifests/params.pp b/manifests/params.pp
index b8c4590..0963a9f 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -5,6 +5,7 @@
   $saslauthd_service        = 'saslauthd'
   $saslauthd_ldap_conf_file = '/etc/saslauthd.conf'
   $saslauthd_threads        = 5
+  $saslauthd_credcache      = true
 
   case $facts['os']['family'] {
     'RedHat': {
diff --git a/templates/default.erb b/templates/default.erb
index ebdc2e7..5804e07 100644
--- a/templates/default.erb
+++ b/templates/default.erb
@@ -6,4 +6,4 @@ NAME="saslauthd"
 MECHANISMS="<%= @mechanism %>"
 MECH_OPTIONS="<%= @mech_options %>"
 THREADS=<%= @threads %>
-OPTIONS="-c -m <%= @socket %>"
+OPTIONS="<%= @credcache_opt %> <%= @credcache_timeout_opt %> <%= @credcache_size_opt %> -m <%= @socket %>"
diff --git a/templates/sysconfig.erb b/templates/sysconfig.erb
index 30d70ee..7ddecb2 100644
--- a/templates/sysconfig.erb
+++ b/templates/sysconfig.erb
@@ -2,4 +2,4 @@
 
 SOCKETDIR="<%= @socket %>"
 MECH="<%= @mechanism %>"
-FLAGS="<%= @flags %>"
+FLAGS="<%= @flags %> <%= @credcache_opt %> <%= @credcache_timeout_opt %> <%= @credcache_size_opt %>"