Ubuntu 20.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-274857 | UBTU-20-010022 | SV-274857r1101692_rule | CCI-000187 | high |

Description: Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.

| STIG | Date |
|---|---|
| Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide | 2025-05-16 |
Details
Check Text (C-274857r1101692_chk)
Verify that authenticated certificates are mapped to the appropriate user group in the "/etc/sssd/sssd.conf" file with the following command:
$ grep -i ldap_user_certificate /etc/sssd/sssd.conf
ldap_user_certificate=userCertificate;binary
Fix Text (F-78863r1101691_fix)
Configure sssd to map authenticated certificates to the appropriate user group by adding the following line to the "/etc/sssd/sssd.conf" file:
ldap_user_certificate=userCertificate;binary
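
An added example, not part of the STIG text: the grep in the check text also matches a commented-out line or a line outside any domain section, so this shell function parses the file and reports, per [domain/...] section, whether the option is set on an active line. The function names check_cert_mapping and write_sample, the sample file, and the choice to require the setting in every domain section are assumptions of this example.

```shell
#!/bin/sh
# Added example (not STIG text): stricter form of the grep check above.
# Returns 0 only if every [domain/...] section sets the expected value on an
# uncommented line; prints one PASS/FAIL line per domain section.
EXPECTED='userCertificate;binary'

check_cert_mapping() {
    conf="${1:-/etc/sssd/sssd.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v want="$EXPECTED" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (section == "") return
            domains++
            if (value == want) printf "PASS [%s]\n", section
            else { printf "FAIL [%s] %s\n", section, (value == "" ? "not set" : "found " value); bad = 1 }
        }
        /^[ \t]*[#;]/ { next }                  # comment lines never count
        /^[ \t]*\[.*\]/ {                       # section header
            report()
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            section = (name ~ /^domain\//) ? name : ""
            value = ""
            next
        }
        section != "" && (eq = index($0, "=")) > 0 {
            if (trim(substr($0, 1, eq - 1)) == "ldap_user_certificate")
                value = trim(substr($0, eq + 1))
        }
        END {
            report()
            if (domains == 0) { print "FAIL no [domain/...] section"; bad = 1 }
            exit bad + 0
        }
    ' "$conf"
}

# Constructed sample: the setting is commented out, so "grep -i" still prints
# a match while this check reports FAIL.
write_sample() {
    cat > "$1" <<'EOF'
[sssd]
domains = example
[domain/example]
id_provider = ldap
#ldap_user_certificate=userCertificate;binary
EOF
}

# Run against a path given on the command line, if any.
if [ "$#" -gt 0 ]; then check_cert_mapping "$1"; fi
```

Called with no argument, check_cert_mapping reads /etc/sssd/sssd.conf; exit status 2 means the file could not be read.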