AlmaLinux OS 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

An XCCDF Rule

Description

The key derivation function (KDF) in Kerberos is not FIPS compatible. Overriding the system crypto policy makes the behavior of Kerberos violate expectations, and makes system configuration more fragmented.

ID: SV-269413r1050296_rule
Version: ALMA-09-039290
Severity: Medium

Remediation Templates

A Manual Procedure

Configure Kerberos to use the system-wide crypto policy.

Create a symlink pointing to the system crypto policy in the Kerberos configuration using the following command:

$ ln -s /usr/share/crypto-policies/FIPS/krb5.txt /etc/crypto-policies/back-ends/krb5.config
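
To audit the result, the following added example (not part of the STIG rule text) checks that /etc/crypto-policies/back-ends/krb5.config is a symlink resolving to /usr/share/crypto-policies/FIPS/krb5.txt, and distinguishes a local override file from a link to another policy. The function name and the KRB5_LINK / KRB5_POLICY variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the Kerberos crypto-policies back-end link.
# Defaults are the two paths from the remediation command; the variable
# names are assumptions of this example and can be overridden for testing.
KRB5_LINK=${KRB5_LINK:-/etc/crypto-policies/back-ends/krb5.config}
KRB5_POLICY=${KRB5_POLICY:-/usr/share/crypto-policies/FIPS/krb5.txt}

# Prints one status word and returns 0 only when compliant:
#   compliant      link resolves to the expected policy file
#   missing        nothing exists at the link path
#   not-a-symlink  a regular file overrides the system policy
#   dangling       symlink whose target does not exist
#   wrong-target   symlink to some other policy (for example DEFAULT)
krb5_policy_status() {
    link=$1
    want=$2
    if [ ! -L "$link" ]; then
        if [ -e "$link" ]; then
            echo not-a-symlink
        else
            echo missing
        fi
        return 1
    fi
    if [ ! -e "$link" ]; then
        echo dangling
        return 1
    fi
    # Compare fully resolved paths so relative or chained links still match.
    resolved=$(readlink -f "$link")
    expected=$(readlink -f "$want")
    if [ "$resolved" = "$expected" ]; then
        echo compliant
        return 0
    fi
    echo wrong-target
    return 1
}

# Run the audit against the real paths only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    krb5_policy_status "$KRB5_LINK" "$KRB5_POLICY"
fi
```
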