Major Hayden
This patch adds a verification for ocsp_on in the PAM PKCS 11 configuration file (if present). Documentation is included.

Implements: blueprint security-rhel7-stig
Change-Id: I53e6ff4a7cc55e174d4ae2976b1c2118317f4964
---id: RHEL-07-040030 status: verification only tag: auth ---
The tasks in the security role examine the
/etc/pam_pkcs11/pam_pkcs11.conf
file (if it exists) to
ensure that ocsp_on
is included in all three
cert_policy
directives. If oscp_on
is not
found three times in the file, a message is printed in the Ansible
output.
This change is only needed on systems which use PKI-based authentication (using certificates).
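Review bot: the second mention of the option in this documentation is misspelled as "oscp_on" ("If oscp_on is not found three times in the file"), while the first mention and the commit message use "ocsp_on"; correct the spelling so the text matches the setting an administrator has to add. The text also describes the check as an occurrence count over the whole file ("found three times in the file"), so it should say whether commented-out lines or mentions outside a cert_policy directive are counted, because a count of three alone does not show that each of the three cert_policy directives carries the option.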