Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: crypto-policies
Labels:
- FIPS140
- kerberos

Regression:
None
Severity:
None

Pool Team:

rhel-sst-security-crypto
Sub-System Group:

ssg_security

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Experience:

PX Impact Score:
PX Priority Data:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

After

update-crypto-policies --set FIPS:OSPP

/etc/crypto-policies/back-ends/krb5.config does not have HMAC-SHA1 enctypes like

aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96

Please provide the package NVR for which bug is seen:

crypto-policies-20230731-1.git3177e06.el8

How reproducible:

Always

Steps to reproduce

update-crypto-policies --set FIPS:OSPP
grep -i 'hmac-sha1' /etc/crypto-policies/back-ends/krb5.config

Expected results

permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96

Actual results

permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128

is duplicated by

RHEL-22158 realm command fails to join to AD domain post upgrade to RHEL 8.9 with crypto-policy FIPS:OSSP applied

Closed

Assignee:: Alexander Sosedkin

Reporter:: Ding Yi Chen

Developer:: Alexander Sosedkin

QA Contact:: SSG Security QE

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/01/10 12:08 AM

Updated:: 2024/02/06 12:25 PM

Resolved:: 2024/01/30 2:21 PM

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates