OL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-271762 | SRG-OS-000120-GPOS-00061 | OL09-00-002424 | SV-271762r1091998_rule | 2025-05-08 | 1 |
| Description |
|---|
| Overriding the system crypto policy makes the behavior of Kerberos violate expectations and makes system configuration more fragmented. |
| ℹ️ Check |
|---|
| Verify that OL 9 configures Kerberos to use the systemwide crypto policy with the following command: $ file /etc/crypto-policies/back-ends/krb5.config /etc/crypto-policies/back-ends/krb5.config: symbolic link to /usr/share/crypto-policies/FIPS/krb5.txt If the symlink does not exist or points to a different target, this is a finding. |
| ✔️ Fix |
|---|
| Configure Kerberos to use system crypto policy. Remove incorrect symlink if it exists using the following command: $ sudo rm /etc/crypto-policies/back-ends/krb5.config Create a symlink pointing to system crypto policy in the Kerberos configuration using the following command: $ sudo ln -s /usr/share/crypto-policies/FIPS/krb5.txt /etc/crypto-policies/back-ends/krb5.config |