You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The above STIG audits the presence of any keytab files in the location: /etc/*.keytab
However, this STIG has been revised since 2020 to state that if the installed package of krb5-server or krb5-workstation is newer than 1.17-18, then this check is N/A.
The current Ansible workbook is deleting this file regardless of the version of the above packages. This breaks Kerberos authentication and causes the sssd service to crash on startup.
The text was updated successfully, but these errors were encountered:
GitYukari
changed the title
RHEL-08-010161 removing keytab files, breaking sssd (misaligned with DISA)
RHEL-08-010161 and RHEL-09-611205 removing keytab files, breaking sssd (misaligned with DISA)
Mar 27, 2024
Description of problem:
https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-09-11/finding/V-230238
The above STIG audits the presence of any keytab files in the location:
/etc/*.keytab
However, this STIG has been revised since 2020 to state that if the installed package of krb5-server or krb5-workstation is newer than 1.17-18, then this check is N/A.
The current Ansible workbook is deleting this file regardless of the version of the above packages. This breaks Kerberos authentication and causes the sssd service to crash on startup.
This is directly related to: #11750
SCAP Security Guide Version:
0.1.72 (Feb 2024)
Operating System Version:
RHEL 8
RHEL 9
The text was updated successfully, but these errors were encountered: