
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML.

Closes-bug: 1676865
Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
---
id: V-72231
status: exception - manual intervention
tag: auth
---

Deployers are strongly urged to utilize sssd for systems that authenticate against LDAP or Active Directory (AD) servers.

To meet this control, deployers must ensure that ldap_tls_cacert or ldap_tls_cacertdir is set in the /etc/sssd/sssd.conf file. The ldap_tls_cacert directive specifies a single certificate while ldap_tls_cacertdir specifies a directory where sssd can find CA certificates.

Warning
Use caution when adjusting these settings. If the correct CA certificates are not already deployed to the servers that perform LDAP authentication, their attempts to authenticate users might fail.
Consult with administrators of the LDAP system and test all changes on a non-production system first.
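
One way to check this control by hand, as an added example that is not part of the original documentation or the project's code: the script below parses the text of an sssd.conf file and lists the LDAP-backed domains that set neither ldap_tls_cacert nor ldap_tls_cacertdir. The function names, the sample configuration and the choice to treat the ldap and ad providers as LDAP-backed are assumptions of this example.

```python
import configparser

# Assumption of this example: providers that talk LDAP to the directory.
LDAP_PROVIDERS = {"ldap", "ad"}
CA_OPTIONS = ("ldap_tls_cacert", "ldap_tls_cacertdir")

# Constructed sample input, not taken from a real system.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = corp.example, legacy.example, files.example

[domain/corp.example]
id_provider = ldap
ldap_uri = ldaps://ldap.corp.example
ldap_tls_cacert = /etc/pki/tls/certs/corp-ca.pem

[domain/legacy.example]
id_provider = ldap
ldap_uri = ldap://ldap.legacy.example
# present but empty, so it does not satisfy the control
ldap_tls_cacert =

[domain/files.example]
id_provider = files
"""


def audit_sssd_conf(text):
    """Map each LDAP-backed domain section to the CA options it sets."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    results = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        opts = parser[section]
        id_provider = opts.get("id_provider", "").strip().lower()
        # sssd uses id_provider for authentication when auth_provider is unset.
        auth_provider = opts.get("auth_provider", id_provider).strip().lower()
        if not {id_provider, auth_provider} & LDAP_PROVIDERS:
            continue
        results[section] = [o for o in CA_OPTIONS if opts.get(o, "").strip()]
    return results


def failing_domains(text):
    """Domains that set neither ldap_tls_cacert nor ldap_tls_cacertdir."""
    return sorted(s for s, found in audit_sssd_conf(text).items() if not found)
```

Run failing_domains() on the contents of /etc/sssd/sssd.conf from a non-production host first; an empty list means every LDAP-backed domain names a CA certificate or CA directory.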