|Finding ID||Version||Rule ID||IA Controls||Severity|
|Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.|
|Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide||2022-12-06|
|Check Text ( C-21041r880890_chk )|
Verify the Ubuntu operating system has the "libpam-pkcs11" package installed by running the following command:
# dpkg -l | grep libpam-pkcs11
If "libpam-pkcs11" is not installed, this is a finding.
Check that "use_mappers" is set to "pwent" in the "/etc/pam_pkcs11/pam_pkcs11.conf" file:
# grep use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
use_mappers = pwent
If "use_mappers" is not found, or is not set to "pwent", this is a finding.
|Fix Text (F-21040r305277_fix)|
Install the "libpam-pkcs11" package on the system.
Set use_mappers=pwent in /etc/pam_pkcs11/pam_pkcs11.conf.
If the system is missing the "/etc/pam_pkcs11/" directory and the "/etc/pam_pkcs11/pam_pkcs11.conf" file, copy the example at "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz" into place and modify it accordingly.
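
The grep in the check text also matches commented-out lines, so a file whose only "use_mappers = pwent" is behind a "#" looks compliant at a glance. The script below is an added example, not part of the STIG text: it evaluates only active assignments. Its function names and sample files are constructed for illustration, and it assumes "#" starts a comment and that any value other than exactly "pwent" is a finding.

```shell
#!/bin/sh
# Added example, not STIG text. Assumes "#" starts a comment in pam_pkcs11.conf.

# Print the value of every uncommented use_mappers assignment, one per line,
# with surrounding whitespace and the trailing ";" removed.
active_use_mappers() {
    sed -e 's/#.*$//' "$1" | awk -F= '
        $1 ~ /^[ \t]*use_mappers[ \t]*$/ {
            v = $2
            sub(/;.*$/, "", v)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
        }'
}

# Return 0 (not a finding) only if the file is readable, has at least one
# active use_mappers assignment, and every such assignment is exactly "pwent".
check_use_mappers() {
    [ -r "$1" ] || return 1
    values=$(active_use_mappers "$1")
    [ -n "$values" ] || return 1
    while IFS= read -r v; do
        [ "$v" = "pwent" ] || return 1
    done <<EOF
$values
EOF
    return 0
}

# Write three constructed sample files into directory $1.
write_samples() {
    printf 'pam_pkcs11 {\n  use_mappers = pwent;\n}\n' > "$1/good.conf"
    printf '  # use_mappers = pwent;\n  use_mappers = digest, cn, uid;\n' > "$1/list.conf"
    printf '# use_mappers = pwent;\n' > "$1/commented.conf"
}

# Demo on the constructed samples; pass a real path as $1 to check it instead.
if [ $# -gt 0 ]; then
    check_use_mappers "$1" && echo "$1: not a finding" || echo "$1: finding"
else
    d=$(mktemp -d) && write_samples "$d"
    for f in good list commented; do
        check_use_mappers "$d/$f.conf" && r="not a finding" || r="finding"
        echo "$f.conf: $r"
    done
    rm -rf "$d"
fi
```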