OL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271762 | OL09-00-002424 | SV-271762r1091998_rule | Medium |
| Description |
| Overriding the system crypto policy makes the behavior of Kerberos violate expectations and makes system configuration more fragmented. |
| STIG | Date |
| Oracle Linux 9 Security Technical Implementation Guide | 2025-05-08 |
Details
| Check Text (C-75812r1091996_chk) |
| Verify that OL 9 configures Kerberos to use the systemwide crypto policy with the following command: $ file /etc/crypto-policies/back-ends/krb5.config /etc/crypto-policies/back-ends/krb5.config: symbolic link to /usr/share/crypto-policies/FIPS/krb5.txt If the symlink does not exist or points to a different target, this is a finding. |
| Fix Text (F-75719r1091997_fix) |
| Configure Kerberos to use system crypto policy. Remove incorrect symlink if it exists using the following command: $ sudo rm /etc/crypto-policies/back-ends/krb5.config Create a symlink pointing to system crypto policy in the Kerberos configuration using the following command: $ sudo ln -s /usr/share/crypto-policies/FIPS/krb5.txt /etc/crypto-policies/back-ends/krb5.config |