Consider Updating mfa_package_list Defaults

Question

Consider Updating mfa_package_list Defaults

Bialogs opened this issue 6 years ago · 1 comments

I was doing a bit of investigating on RHEL's MFA/Smartcard requirements and they posted this. The control currently has the STIG recommended check of three packages:

mfa_pkg_list: [
    'esc',
    'pam_pkcs11',
    'authconfig-gtk',
]

If you want to consider the RHEL documentation mfa_pkg_list would look something like

mfa_pkg_list: [
    'nss-tools',
    'nss-pam-ldapd',
    'esc',
    'pam_pkcs11',
    'pam_krb5',
    'opensc',
    'pcsc-lite-ccid',
    'gdm',
    'authconfig',
    'authconfig-gtk',
    'krb5-libs',
    'krb5-workstation',
    'krb5-pkinit',
    'pcsc-lite',
    'pcsc-lite-libs'
]

Answer 1 · 2019-02-28T21:00:08.000Z

The RHEL docs should be considered authoritative in my opinion.