An XCCDF Group - A logical subset of the XCCDF Benchmark
cac
default
other
opensc-pkcs11
$ apt-get install opensc-pkcs11
libpam-pkcs11
$ apt-get install libpam-pkcs11
cert_policy
/etc/pam_pkcs11/pam_pkcs11.conf
ca
cert_policy = ca, ocsp_on, signature;
ocsp_on
crl_auto
crl_offline
cert_policy = ca,signature,ocsp_on,crl_auto;
pam_pkcs11.so
etc/pam.d/common-auth
# grep pam_pkcs11.so /etc/pam.d/common-auth auth [success=2 default=ignore] pam_pkcs11.so
use_mappers
pwent
$ grep ^use_mappers /etc/pam_pkcs11/pam_pkcs11.conf use_mappers = pwent