Documentation - V-253667

V-253667

MariaDB Enterprise 10.x Security Technical Implementation Guide

CAT I

Title

MariaDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.

Description

<VulnDiscussion>Enterprise environments make account management for applications and databases challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. Managing accounts for the same person in multiple places is inefficient and prone to problems with consistency and synchronization. A comprehensive application account management process that includes automation helps to ensure that accounts designated as requiring attentio...

Fix Text (Documentation Requirement)

Integrate MariaDB security with an organization-level authentication/access mechanism providing account management for all users, groups, roles, and any other principals. As the database administrator, install and configure the PAM authentication module: MariaDB> INSTALL SONAME 'auth_pam'; PAM supports many authentication methods including LDAP, Active Directory, and Kerberos. Each method must be configured properly in the /etc/pam.conf file or the /etc/pam.d directory. To alter non-PAM authenticated users to using PAM: MariaDB> ALTER USER 'username'@'host' IDENTIFIED VIA pam USING mariadb_ldap;

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel