-
Bug
-
Resolution: Done-Errata
-
Undefined
-
rhel-8.10.z
-
krb5-1.18.2-32.el8_10
-
No
-
Important
-
ZStream
-
3
-
rhel-idm-ipa
-
ssg_idm
-
3
-
False
-
False
-
-
None
-
2025-Q2-Bravo-S2, 2025-Q2-Bravo-S3, 2025-Q2-Bravo-S4
-
Approved Blocker
-
Pass
-
Automated
-
Unspecified
-
Unspecified
-
Unspecified
-
None
To ensure RC4 HMAC-MD5 was not used in FIPS mode, access to HMAC-MD4/5 is not allowed in this mode. However, since we provide the [libdefaults]radius_md5_fips_override configuration parameter to allow using RADIUS regardless to the FIPS restrictions, we should allow HMAC-MD5 to be used too in this case, because it is required for the newly supported Message-Authenticator attribute. Having an exception for MD5 alone, but not for HMAC-MD5 does not make sense.
- links to
-
RHBA-2025:150462 updated toolbox-container container image
-
RHSA-2025:149793 krb5 security update