Ubuntu 24.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
---|---|---|---|---|---|---|
high | V-270736 | SRG-OS-000068-GPOS-00036 | UBTU-24-400370 | SV-270736r1066697_rule | 2025-02-18 | 1 |
Description |
---|
Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis. |
ℹ️ Check |
---|
Verify that authenticated certificates are mapped to the appropriate user group in the "/etc/sssd/sssd.conf" file with the following command: `$ grep -i ldap_user_certificate /etc/sssd/sssd.conf` Expected output: `ldap_user_certificate=userCertificate;binary` |
✔️ Fix |
---|
Configure sssd to map authenticated certificates to the appropriate user group by adding the following line to the "/etc/sssd/sssd.conf" file: `ldap_user_certificate=userCertificate;binary` |
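
The grep in the Check also matches a commented-out line or one placed outside a domain section. The following stricter check is an added example, not part of the STIG text; the function names `check_cert_mapping` and `demo` and the domain `example.test` are hypothetical, and it assumes the option belongs in a `[domain/...]` section, where SSSD's LDAP provider options are set.

```shell
#!/bin/sh
# check_cert_mapping FILE
# Returns 0 only if an active (uncommented) line
#   ldap_user_certificate=userCertificate;binary
# sits inside a [domain/...] section of FILE. A plain "grep -i" also matches
# commented-out lines and lines in other sections; this check does not.
check_cert_mapping() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            in_domain = (tolower(name) ~ /^domain\//)
            next
        }
        in_domain {
            line = $0; gsub(/[ \t]/, "", line)      # tolerate "key = value"
            eq = index(line, "=")
            if (eq == 0) next
            key = tolower(substr(line, 1, eq - 1))  # key matched like grep -i
            val = substr(line, eq + 1)
            if (key == "ldap_user_certificate" && val == "userCertificate;binary") {
                printf "OK: [%s] maps certificates via %s\n", name, val
                found = 1
            }
        }
        END {
            if (!found) print "FINDING: no active ldap_user_certificate mapping in a [domain/...] section"
            exit(found ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample: the setting is present but commented out, so a plain
# grep would still print it although the line is not active.
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '[sssd]' 'domains = example.test' \
        '[domain/example.test]' 'id_provider = ldap' \
        '#ldap_user_certificate=userCertificate;binary' > "$tmp"
    check_cert_mapping "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

On a real system, run `check_cert_mapping /etc/sssd/sssd.conf` as root, since the file is normally readable only by root.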