Detections
Analytics

1.451 RHEL-09-672025

Information

RHEL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

GROUP ID: V-258237RULE ID: SV-258237r1051256

Overriding the system crypto policy makes the behavior of Kerberos violate expectations and makes system configuration more fragmented.

Solution

Configure Kerberos to use system cryptographic policy.

Create a symlink pointing to system crypto policy in the Kerberos configuration using the following command:

$ sudo ln -s /etc/crypto-policies/back-ends/krb5.config /usr/share/crypto-policies/FIPS/krb5.txt

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-7, CAT|II, CCI|CCI-000803, Rule-ID|SV-258237r1051256_rule, STIG-ID|RHEL-09-672025, Vuln-ID|V-258237

Plugin: Unix

Control ID: c378278a9e41d818e8e2dfcdd2acd1087b575db478e14517dc628384f11429d9