The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

An XCCDF Rule

Details
Profiles

Description

Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.

ID: SV-238201r958452_rule
Version: UBTU-20-010006
Severity: High
References: CCI-000187
Updated: 3 days ago

Remediation Templates

Set "use_mappers=pwent" in "/etc/pam_pkcs11/pam_pkcs11.conf" or, if there is already a comma-separated list of mappers, add it to the list, separated by comma, and before the null mapper. 
 
If the system is missing an "/etc/pam_pkcs11/" directory and an "/etc/pam_pkcs11/pam_pkcs11.conf", find an example to copy into place and modify accordingly at "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz".

The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

Description

Remediation Templates

A Manual Procedure