GEN008000 - If using LDAP for auth or account info, certs used must be provided from DoD or an approved external PKI - 'manual cert check'

Information

LDAP can be used to provide user authentication and account information, which are vital to system security. Communication between an LDAP server and a host using LDAP requires authentication.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Edit '/etc/ldap.conf' and add or edit the 'tls_cert' setting to reference a file containing a client certificate issued by DoD PKI or a DoD-approved external PKI.

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(a), CAT|II, CCI|CCI-000185, Group-ID|V-22556, Rule-ID|SV-37631r1_rule, STIG-ID|GEN008000, Vuln-ID|V-22556

Plugin: Unix

Control ID: c77c2e95c8b50c8b27eeb2a9bea555989755d2573fde8830bc26ea58518352c1