OL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271762 | OL09-00-002424 | SV-271762r1091998_rule | CCI-000803 | medium |
| Description | ||||
| Overriding the system crypto policy makes the behavior of Kerberos violate expectations and makes system configuration more fragmented. | ||||
| STIG | Date | |||
| Oracle Linux 9 Security Technical Implementation Guide | 2025-05-08 | |||
Details
Check Text (C-271762r1091998_chk)
Verify that OL 9 configures Kerberos to use the systemwide crypto policy with the following command:
$ file /etc/crypto-policies/back-ends/krb5.config
/etc/crypto-policies/back-ends/krb5.config: symbolic link to /usr/share/crypto-policies/FIPS/krb5.txt
If the symlink does not exist or points to a different target, this is a finding.
Fix Text (F-75719r1091997_fix)
Configure Kerberos to use system crypto policy.
Remove incorrect symlink if it exists using the following command:
$ sudo rm /etc/crypto-policies/back-ends/krb5.config
Create a symlink pointing to system crypto policy in the Kerberos configuration using the following command:
$ sudo ln -s /usr/share/crypto-policies/FIPS/krb5.txt /etc/crypto-policies/back-ends/krb5.config