diff options
| author | Carlos O'Donell <carlos@redhat.com> | 2013-10-19 00:11:31 -0400 |
|---|---|---|
| committer | Carlos O'Donell <carlos@redhat.com> | 2013-10-19 00:11:31 -0400 |
| commit | 3d7dc513b782407bd397b13771a631d9080d3aac (patch) | |
| tree | fac59ee8199751f14f52ddb09782fa701bd96c87 /time | |
| parent | 484c12fb1e3664fb434291234ea5787c5e3df4f5 (diff) | |
| download | glibc-3d7dc513b782407bd397b13771a631d9080d3aac.tar.gz glibc-3d7dc513b782407bd397b13771a631d9080d3aac.tar.xz glibc-3d7dc513b782407bd397b13771a631d9080d3aac.zip | |
Mention FIPS 140-2 compliance and Sun RPC.
The Secure RPC implementation in glibc uses DES encryption during authentication of the user. This use of DES means that anyone using Sun RPC will likely not be compliant with FIPS 140-2 which forbids the use of DES. One solution to the compliance issue is to disable AUTH_DES and AUTH_KERB, both use DES, when in FIPS compliance mode. This is not a good idea because it disables all of the even mildly secure methods of authentication allowing only plain text methods. Instead we leave AUTH_DES and AUTH_KERB enabled in FIPS compliance mode and document the compliance issue in the manual. FIPS allows this, that is to say that if you can't fix it you must document the non-compliance. This commit adds documentation to that effect in the "DES encryption and password handling" section of the manual.
Diffstat (limited to 'time')
0 files changed, 0 insertions, 0 deletions