RHEL-08-010161 and RHEL-09-611205 removing keytab files, breaking sssd (misaligned with DISA) #11764

GitYukari · 2024-03-27T23:29:37Z

Description of problem:

https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-09-11/finding/V-230238

The above STIG audits the presence of any keytab files in the location: /etc/*.keytab

However, this STIG has been revised since 2020 to state that if the installed package of krb5-server or krb5-workstation is newer than 1.17-18, then this check is N/A.

The current Ansible workbook is deleting this file regardless of the version of the above packages. This breaks Kerberos authentication and causes the sssd service to crash on startup.

This is directly related to: #11750

SCAP Security Guide Version:

0.1.72 (Feb 2024)

Operating System Version:

RHEL 8
RHEL 9

The text was updated successfully, but these errors were encountered:

GitYukari changed the title ~~RHEL-08-010161 removing keytab files, breaking sssd (misaligned with DISA)~~ RHEL-08-010161 and RHEL-09-611205 removing keytab files, breaking sssd (misaligned with DISA) Mar 27, 2024

marcusburghardt added STIG STIG Benchmark related. RHEL Red Hat Enterprise Linux product related. labels Apr 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RHEL-08-010161 and RHEL-09-611205 removing keytab files, breaking sssd (misaligned with DISA) #11764

RHEL-08-010161 and RHEL-09-611205 removing keytab files, breaking sssd (misaligned with DISA) #11764

GitYukari commented Mar 27, 2024 •

edited

RHEL-08-010161 and RHEL-09-611205 removing keytab files, breaking sssd (misaligned with DISA) #11764

RHEL-08-010161 and RHEL-09-611205 removing keytab files, breaking sssd (misaligned with DISA) #11764

Comments

GitYukari commented Mar 27, 2024 • edited

Description of problem:

SCAP Security Guide Version:

Operating System Version:

GitYukari commented Mar 27, 2024 •

edited