{"description": "The operating system must map the authenticated identity to the user or\ngroup account for PKI-based authentication.\n\nVerify that <tt>use_mappers</tt> is set to <tt>pwent</tt> in\n<tt>/etc/pam_pkcs11/pam_pkcs11.conf</tt> file with the following command:\n\n<pre>$ grep ^use_mappers /etc/pam_pkcs11/pam_pkcs11.conf\n\nuse_mappers = pwent</pre>", "rationale": "Without mapping the certificate used to authenticate to the user account,\nthe ability to determine the identity of the individual user or group will\nnot be available for forensic analysis.", "severity": "low", "references": {"srg": ["SRG-OS-000068-GPOS-00036"], "stigid": ["UBTU-22-612040"], "stigref": ["SV-260579r958452_rule"]}, "control_references": {"stigid": ["UBTU-22-612040"]}, "components": [], "identifiers": {}, "ocil_clause": "use_mappers is not uncommented or configured correctly", "ocil": "Verify that <tt>use_mappers</tt> is set to <tt>pwent</tt> in\n<tt>/etc/pam_pkcs11/pam_pkcs11.conf</tt> file with the following command:\n\n<pre>$ grep ^use_mappers /etc/pam_pkcs11/pam_pkcs11.conf\n\nuse_mappers = pwent</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify that 'use_mappers' is set to 'pwent' in PAM", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml", "template": {"name": "lineinfile", "vars": {"text": "use_mappers = pwent", "path": "/etc/pam_pkcs11/pam_pkcs11.conf", "oval_extended_definitions": "smartcard_configure_cert_checking"}, "backends": {}}}