404175da27
This patch adds a verification step to ensure cackey/coolkey are used for PKI-based authentication. Documentation is included. Implements: blueprint security-rhel7-stig Change-Id: Ie077a33bb0e63384fa8038098ece30e1326e2c35
356 B
356 B
---id: RHEL-07-040040 status: verification only tag: auth ---
The tasks in the security role check for cackey or
coolkey as acceptable values for
use_pkcs11_module in
/etc/pam_pkcs11/pam_pkcs11.conf. If neither are found, a
message is printed in the Ansible output.
This change only applies to systems that use PKI-based authentication.