Detections
Analytics
RHEL-10-701220 - RHEL 10 must enable certificate-based smart card authentication.
Information
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. The DOD Common Access Card (CAC) with DOD-approved public key infrastructure (PKI) is an example of multifactor authentication.Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055
Solution
Configure RHEL 10 to enable certificate-based smart card authentication.Edit the file "/etc/sssd/sssd.conf" or a configuration file in "/etc/sssd/conf.d" and add or edit the following line:
pam_cert_auth = True
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-2(1), 800-53|IA-2(2), CAT|II, CCI|CCI-000765, CCI|CCI-000766, CCI|CCI-004046, Rule-ID|SV-281324r1167122_rule, STIG-ID|RHEL-10-701220, Vuln-ID|V-281324
Plugin: Unix
Control ID: 77195e1501a772537cdbbbb198681b7d28941f27d68d911503d00e707bd374db