UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

RHEL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.


Overview

Finding ID Version Rule ID IA Controls Severity
V-258237 RHEL-09-672025 SV-258237r971535_rule Medium
Description
Overriding the system crypto policy makes the behavior of Kerberos violate expectations, and makes system configuration more fragmented.
STIG Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide 2024-06-04

Details

Check Text ( C-61978r926696_chk )
Verify that the symlink exists and targets the correct Kerberos crypto policy, with the following command:

file /etc/crypto-policies/back-ends/krb5.config

If command output shows the following line, Kerberos is configured to use the system-wide crypto policy:

/etc/crypto-policies/back-ends/krb5.config: symbolic link to /usr/share/crypto-policies/FIPS/krb5.txt

If the symlink does not exist or points to a different target, this is a finding.
Fix Text (F-61902r926697_fix)
Configure Kerberos to use system crypto policy.

Create a symlink pointing to system crypto policy in the Kerberos configuration using the following command:

$ sudo ln -s /etc/crypto-policies/back-ends/krb5.config /usr/share/crypto-policies/FIPS/krb5.txt