The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

An XCCDF Rule

Description

<VulnDiscussion>Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-219316r880891_rule
Severity: High
References: CCI-000187
Updated: 9 months ago

Install libpam-pkcs11 package on the system. 

Set use_mappers=pwent in /etc/pam_pkcs11/pam_pkcs11.conf

If the system is missing an "/etc/pam_pkcs11/" directory and an "/etc/pam_pkcs11/pam_pkcs11.conf", find an example to copy into place and modify accordingly at "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz".

The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

Description

Remediation - Manual Procedure