An XCCDF Group - A logical subset of the XCCDF Benchmark
sssd
$ sudo dnf install sssd
$ sudo systemctl enable sssd.service
certificate_verification
ocsp_dgst=
certmap/testing.test/rule_name
/etc/sssd/sssd.conf
[certmap/testing.test/rule_name] matchrule =<SAN>.*EDIPI@mil maprule = (userCertificate;binary={cert!bin}) domains = testing.test
pam_cert_auth
True
[pam]
[pam] pam_cert_auth = True
offline_credentials_expiration
1
[pam] offline_credentials_expiration = 1