FIPS support for Kerberos
Abhidnya Joshi
abhidnyachirmule at gmail.com
Fri May 3 13:51:39 EDT 2019
Hi Simo,
Thank you for the quick reply. May I know what do you mean by "some
aspects" of the protocol that have to be approved as allowed by FIPS?
Does Kerberos available in RHEL enterprise edition claims as FIPS
compliant?
Thanks
Abhidnya Joshi
On Fri, May 3, 2019 at 5:55 PM Simo Sorce <simo at redhat.com> wrote:
> As far as I know there is no version of Kerberos that is FIPS compliant
> at this point. There are also problems with some aspects of the
> protocol that would have to be approved as allowed by FIPS.
>
> There is definitely commercial interest to get there, but that effort
> is generally happening at each vendor individually.
>
> Simo.
>
> On Fri, 2019-05-03 at 10:44 +0530, Abhidnya Joshi wrote:
> > Hi All,
> >
> > Is there a FIPS compliant version of Kerberos library available?
> >
> > Even if I build it with fips comliant openssl crypto, it gives problem
> for
> > low level functions calls like SHA256_init, AES_set_encrypt_key, etc.
> > Openssl libcrypto aborts on call to such function when FIPS mode is on.
> >
> > There is also MD5 used via krb5_rc_hash_message() which aborts via
> openssl
> > libcrypto.
> >
> > Any suggestion/comments on how to handle this? ANy configurable to
> control
> > these options?
> >
> > Thanks
> > Abhidnya Joshi
> > _______________________________________________
> > krbdev mailing list krbdev at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/krbdev
>
> --
> Simo Sorce
> Sr. Principal Software Engineer
> Red Hat, Inc
>
>
>
More information about the krbdev
mailing list