Open ggbecker opened 2 years ago
Pulling my comment from that PR here:
I agree that if the system has a GUI, it should have Smartcard support enabled in GNOME. Might want to do some brief research to ensure we are not making a bad recommendation.
I also agree to have it in systems with GUI. To complement, the process to enable smartcards, besides the GNOME settings, depend on PAM settings. The respective PAM rule was reviewed and refactored recently: #9145
There is documentation for RHEL8 on how to enable the smartcard in the desktop environment. So it seems the rule can be applicable to RHEL8/RHEL9. Why it's not in the RHEL8 STIG is something I don't know.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_the_desktop_environment_in_rhel_8/authenticating-the-user-in-the-desktop-environment_using-the-desktop-environment-in-rhel-8
I believe it makes sense to have it there if the system has GUI.
@Mab879 @jan-cerny what do you think? (note: we've removed the rule from other SRGs in another PR: #8625)
Originally posted by @ggbecker in https://github.com/ComplianceAsCode/content/issues/8624#issuecomment-1110789138