Ubuntu 24.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-270736 | UBTU-24-400370 | SV-270736r1066697_rule | CCI-000187 | high |

Description: Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.

| STIG | Date |
|---|---|
| Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide | 2025-05-16 |
Details
Check Text (C-270736r1066697_chk)
Verify that authenticated certificates are mapped to the appropriate user group in the "/etc/sssd/sssd.conf" file with the following command:
```
$ grep -i ldap_user_certificate /etc/sssd/sssd.conf
ldap_user_certificate=userCertificate;binary
```
Fix Text (F-74670r1066696_fix)
Configure sssd to map authenticated certificates to the appropriate user group by adding the following line to the "/etc/sssd/sssd.conf" file:
```
ldap_user_certificate=userCertificate;binary
```
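As an added example that is not part of the STIG text, the following POSIX shell audit performs the check above more strictly than a bare `grep -i`: it skips commented-out lines, only honours the option inside a `[domain/...]` section (where sssd reads it), and requires the exact value `userCertificate;binary`. The sssd.conf samples it writes to a temporary directory are constructed for demonstration; `sssd_cert_mapping_ok` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the STIG: audit an sssd.conf for UBTU-24-400370.
# Exit 0 only if at least one uncommented ldap_user_certificate setting exists
# in a [domain/...] section and every such setting is "userCertificate;binary".
sssd_cert_mapping_ok() {
    awk '
        # Track whether the current section header is a [domain/...] section
        /^[[:space:]]*\[/ { in_domain = ($0 ~ /^[[:space:]]*\[domain\//); next }
        # Skip comment lines (a commented-out option would still match grep -i)
        /^[[:space:]]*[#;]/ { next }
        in_domain && /^[[:space:]]*ldap_user_certificate[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")   # keep only the value
            sub(/[[:space:]]*$/, "")         # drop trailing whitespace
            seen++
            if ($0 != "userCertificate;binary") bad++
        }
        END { if (seen > 0 && bad == 0) exit 0; exit 1 }
    ' "$1"
}

# Constructed sample configurations (not from any real host) to exercise the check
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/compliant.conf" <<'EOF'
[sssd]
domains = example.com
[domain/example.com]
id_provider = ldap
ldap_user_certificate = userCertificate;binary
EOF
cat > "$tmp/commented.conf" <<'EOF'
[domain/example.com]
id_provider = ldap
#ldap_user_certificate=userCertificate;binary
EOF
cat > "$tmp/wrong_section.conf" <<'EOF'
[sssd]
ldap_user_certificate=userCertificate;binary
[domain/example.com]
id_provider = ldap
EOF

for f in compliant commented wrong_section; do
    if sssd_cert_mapping_ok "$tmp/$f.conf"; then
        echo "$f.conf: PASS"
    else
        echo "$f.conf: FAIL (V-270736 open)"
    fi
done
```

Run it against `/etc/sssd/sssd.conf` as root, since that file is normally readable only by root.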