Configure SSSD LDAP Backend Client CA Certificate
An XCCDF Rule
Description
Configure SSSD to implement cryptography to protect the integrity of LDAP remote access sessions by setting the
ldap_tls_cacert option in
/etc/sssd/sssd.conf to point to the path for the X.509 certificates used for peer authentication:
ldap_tls_cacert = /path/to/tls/ca.cert
Warning
A remediation is not provided for this rule as each system has unique requirements.
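One way to audit this setting, as an added example that is not part of the rule or the project's own check: the script parses sssd.conf text and reports each LDAP-backed domain section that lacks a usable ldap_tls_cacert. The sample configuration, domain names, certificate path and the function name check_ldap_tls_cacert are assumptions constructed for illustration.

```python
import configparser
import os

# Constructed sample sssd.conf content (not taken from a real system).
SAMPLE_CONF = """\
[sssd]
domains = corp, lab

[domain/corp]
id_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_tls_cacert = /etc/pki/tls/certs/example-ca.pem

[domain/lab]
id_provider = ldap
ldap_uri = ldaps://lab.example.com
"""

def check_ldap_tls_cacert(conf_text, file_exists=os.path.isfile):
    """Return {domain_section: finding} for every LDAP-backed domain section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        providers = {parser.get(section, key, fallback="").strip().lower()
                     for key in ("id_provider", "auth_provider")}
        if "ldap" not in providers:
            continue  # the rule only concerns the LDAP backend
        path = parser.get(section, "ldap_tls_cacert", fallback="").strip()
        if not path:
            findings[section] = "FAIL: ldap_tls_cacert not set"
        elif not os.path.isabs(path):
            findings[section] = "FAIL: ldap_tls_cacert is not an absolute path"
        elif not file_exists(path):
            findings[section] = "FAIL: CA file missing: " + path
        else:
            findings[section] = "PASS"
    return findings

if __name__ == "__main__":
    # file_exists is stubbed so the sample runs on a machine without the CA file.
    for name, result in check_ldap_tls_cacert(SAMPLE_CONF, lambda p: True).items():
        print(name, "->", result)
```

On a real host, pass the contents of /etc/sssd/sssd.conf and leave file_exists at its default so the CA file path is checked on disk.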
Rationale
Without cryptographic integrity protections, information can be altered by
unauthorized users without detection.
Cryptographic mechanisms used for
protecting the integrity of information include, for example, signed hash
functions using asymmetric cryptography enabling distribution of the public key
to verify the hash information while maintaining the confidentiality of the key
used to generate the hash.
- ID: xccdf_org.ssgproject.content_rule_sssd_ldap_configure_tls_ca
- Severity: Medium
- Updated