FIPS support for Kerberos

Abhidnya Joshi abhidnyachirmule at
Fri May 3 01:14:48 EDT 2019

Hi All,

Is there a FIPS compliant version of Kerberos library available?

Even if I build it with fips comliant openssl crypto, it gives problem for
low level functions calls like SHA256_init, AES_set_encrypt_key, etc.
Openssl libcrypto aborts on call to such function when FIPS mode is on.

There is also MD5 used via krb5_rc_hash_message() which aborts via openssl

Any suggestion/comments on how to handle this? ANy configurable to control
these options?

Abhidnya Joshi

More information about the krbdev mailing list