Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-274865 | SRG-OS-000396-GPOS-00176 | UBTU-22-254030 | SV-274865r1101731_rule | 2025-05-16 | 2 |
| Description |
|---|
| Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis. |
| ℹ️ Check |
|---|
| Verify that authenticated certificates are mapped to the appropriate user group in the "/etc/sssd/sssd.conf" file with the following command:<br>`$ grep -i ldap_user_certificate /etc/sssd/sssd.conf`<br>`ldap_user_certificate=userCertificate;binary` |
| ✔️ Fix |
|---|
| Configure sssd to map authenticated certificates to the appropriate user group by adding the following line to the "/etc/sssd/sssd.conf" file:<br>`ldap_user_certificate=userCertificate;binary` |
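
A stricter form of the check above, as an added example that is not part of the STIG text: the `grep -i` in the Check also prints a commented-out line, so this function passes only when an active `ldap_user_certificate=userCertificate;binary` line is present. The function names and the sample domain `example.test` are made up for illustration, and requiring a `[domain/...]` section is an assumption based on sssd-ldap(5) options being domain options.

```shell
#!/bin/sh
# Added example, not STIG text. Usage: check_cert_map /etc/sssd/sssd.conf
# Returns 0 only if an active (uncommented) ldap_user_certificate line inside
# a [domain/...] section is set to userCertificate;binary.
check_cert_map() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment line: ignore
        /^[ \t]*\[/ {                               # section header
            in_domain = (tolower($0) ~ /^[ \t]*\[domain\//)
            next
        }
        in_domain {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)        # trim around the key
            gsub(/^[ \t]+|[ \t]+$/, "", val)        # trim around the value
            # Key compared case-insensitively, mirroring the grep -i above.
            if (tolower(key) == "ldap_user_certificate" &&
                val == "userCertificate;binary") ok = 1
        }
        END { exit !ok }
    ' "$1"
}

# Constructed sample: the only match is commented out, so the grep from the
# Check text still prints a line while the setting is inactive.
# Returns 0 when grep matches but check_cert_map rejects the file.
demo_commented_sample() {
    f=$(mktemp)
    printf '%s\n' '[domain/example.test]' \
        '# ldap_user_certificate=userCertificate;binary' > "$f"
    grep -qi ldap_user_certificate "$f" && ! check_cert_map "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}

# Run against a real file only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    if check_cert_map "$1"; then echo "mapped: $1"; else echo "not mapped: $1"; fi
fi
```
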