For PKI-based authentication, the OS must maintain a local cache of revocation data to handle network unavailabilityID: oval:org.secpod.oval:def:97847 | Date: (C)2024-02-08 (M)2024-02-12 |
Class: COMPLIANCE | Family: unix |
Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates). Configure the Ubuntu operating system, for PKI-based authentication, to use local revocation data when unable to access the network to obtain it remotely.