SV-221658r603260_rule
V-221658
SRG-OS-000375-GPOS-00160
OL07-00-010061
CAT II
10
Configure the operating system to uniquely identify and authenticate users using multifactor authentication via a graphical user logon.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following command:
Note: The example is using the local system database, so if the system is using another database in "/etc/dconf/profile/user", create the file under the appropriate subdirectory.
# touch /etc/dconf/db/local.d/00-defaults
Edit "[org/gnome/login-screen]" and add or update the following line:
enable-smartcard-authentication=true
Update the system databases:
# dconf update
Verify the operating system uniquely identifies and authenticates users using multifactor authentication via a graphical user logon.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Determine which profile the system database is using with the following command:
# grep system-db /etc/dconf/profile/user
system-db:local
Note: The example is using the database local for the system, so the path is "/etc/dconf/db/local.d". This path must be modified if a database other than local is being used.
# grep enable-smartcard-authentication /etc/dconf/db/local.d/*
enable-smartcard-authentication=true
If "enable-smartcard-authentication" is set to "false" or the keyword is missing, this is a finding.
V-221658
False
OL07-00-010061
Verify the operating system uniquely identifies and authenticates users using multifactor authentication via a graphical user logon.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Determine which profile the system database is using with the following command:
# grep system-db /etc/dconf/profile/user
system-db:local
Note: The example is using the database local for the system, so the path is "/etc/dconf/db/local.d". This path must be modified if a database other than local is being used.
# grep enable-smartcard-authentication /etc/dconf/db/local.d/*
enable-smartcard-authentication=true
If "enable-smartcard-authentication" is set to "false" or the keyword is missing, this is a finding.
M
4089