Configure SSSD LDAP Backend Client CA Certificate
An XCCDF Rule
Description
Configure SSSD to implement cryptography to protect the integrity of LDAP remote access sessions. By setting the
ldap_tls_cacertoption in
/etc/sssd/sssd.confto point to the path for the X.509 certificates used for peer authentication.
ldap_tls_cacert /path/to/tls/ca.cert
warning alert: Warning
A remediation is not provided for this rule as each system has unique requirements.
Rationale
Without cryptographic integrity protections, information can be altered by
unauthorized users without detection.
Cryptographic mechanisms used for
protecting the integrity of information include, for example, signed hash
functions using asymmetric cryptography enabling distribution of the public key
to verify the hash information while maintaining the confidentiality of the key
used to generate the hash.
- ID
- xccdf_org.ssgproject.content_rule_sssd_ldap_configure_tls_ca
- Severity
- Medium
- References
- Updated