MADB-10-004200 - MariaDB must map PKI ID to an associated user account.

Information

The DoD standard for authentication is DoD-approved PKI certificates. Once a PKI is validated, it is mapped to the DBMS user account for the authentication identity and then can be used for authorization decisions.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Example command to create users with proper X509 certificate subject and issuer:

MariaDB>CREATE USER 'janedoe'@'%' IDENTIFIED BY 'Some_Password_Here_$9'
REQUIRE SUBJECT '/C=US/ST=Ohio/L=Columbus/O=MariaDB Corporation/CN=Jane Doe'
AND ISSUER '/C=US/ST=Ohio/L=Columbus/O=MariaDB Corporation/CN=MariaDB CA';

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MariaDB_Enterprise_10-x_V2R2_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(c), CAT|II, CCI|CCI-000187, Rule-ID|SV-253701r961044_rule, STIG-ID|MADB-10-004200, Vuln-ID|V-253701

Plugin: MySQLDB

Control ID: 4190a999af95df868c69e1301d8678d804e52faf01ed225b418410135d4efac6