An XCCDF Group - A logical subset of the XCCDF Benchmark
sssd-ipa
$ sudo yum install sssd-ipa
sssd
$ sudo yum install sssd
$ sudo systemctl enable sssd.service
pam
services
[sssd]
/etc/sssd/sssd.conf
[sssd]
services = sudo, autofs, pam
pam_cert_auth
True
[pam]
[pam]
pam_cert_auth = True
memcache_timeout
[nss]
[nss]
memcache_timeout = <timeout-in-seconds>
offline_credentials_expiration
1
[pam]
offline_credentials_expiration = 1
ssh_known_hosts_timeout
[ssh]
[ssh]
ssh_known_hosts_timeout = <timeout-in-seconds>
sssd-ldap
ldap_tls_cacert
ldap_tls_cacert = /path/to/tls/ca.cert
ldap_tls_cacertdir
ldap_tls_cacertdir = /path/to/tls/cacert
ldap_tls_reqcert
demand
id_provider
ldap
ipa
/etc/sssd/sssd.conf.d
ldap_id_use_start_tls
true
$ sudo grep -i ldap_id_use_start_tls /etc/sssd/sssd.conf