UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

RHEL 9 must enable certificate based smart card authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-258122 RHEL-09-611165 SV-258122r997106_rule Medium
Description
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. The DOD Common Access Card (CAC) with DOD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000105-GPOS-00052
STIG Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide 2024-06-04

Details

Check Text ( C-61863r926351_chk )
Verify that RHEL 9 has smart cards are enabled in System Security Services Daemon (SSSD), run the following command:

$ sudo grep pam_cert_auth /etc/sssd/sssd.conf

pam_cert_auth = True

If "pam_cert_auth" is not set to "True", the line is commented out, or the line is missing, this is a finding.
Fix Text (F-61787r926352_fix)
Edit the file "/etc/sssd/sssd.conf" and add or edit the following line:

pam_cert_auth = True