GEN007980 - If using LDAP for auth or account information, must use a TLS connection using FIPS 140-2 algorithms - 'ssl start_tls'

Information

LDAP can be used to provide user authentication and account information, which are vital to system security. Communication between an LDAP server and a host using LDAP requires protection.

Solution

Edit '/etc/ldap.conf' and add the 'ssl start_tls' and 'tls_ciphers' options, listing only FIPS 140-2 approved ciphers in 'tls_ciphers'.
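The following audit helper is an added example, not part of the STIG or the Tenable plugin: it reads an nss_ldap/pam_ldap style configuration file and reports whether 'ssl start_tls' is set and whether 'tls_ciphers' is present without obviously non-FIPS algorithms. The denylist of cipher keywords is an illustrative assumption, not the authoritative FIPS 140-2 list.

```shell
#!/bin/sh
# Added example (not the plugin's own check code). Assumes the file uses the
# nss_ldap/pam_ldap keywords 'ssl start_tls' and 'tls_ciphers'. The pattern
# below is a constructed denylist of algorithms/keywords that are not FIPS
# 140-2 approved or are too permissive; it is a heuristic, not the FIPS list.
NON_FIPS_CIPHERS='RC4|RC2|MD5|NULL|EXP|IDEA|SEED|LOW|^ALL$|^DEFAULT$|^COMPLEMENTOF'

# active_lines FILE: print directives with comments and blank lines removed
active_lines() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
}

# has_start_tls FILE: true when an active 'ssl start_tls' directive exists
has_start_tls() {
    active_lines "$1" | grep -Eiq '^[[:space:]]*ssl[[:space:]]+start_tls[[:space:]]*$'
}

# tls_ciphers_value FILE: print the value of the last tls_ciphers directive
tls_ciphers_value() {
    active_lines "$1" | awk 'tolower($1) == "tls_ciphers" { $1 = ""; sub(/^[[:space:]]+/, ""); v = $0 } END { print v }'
}

# check_ldap_conf FILE: return 0 when compliant, 1 otherwise (reason on stderr)
check_ldap_conf() {
    conf="$1"
    if ! has_start_tls "$conf"; then
        echo "$conf: missing 'ssl start_tls'" >&2
        return 1
    fi
    ciphers=$(tls_ciphers_value "$conf")
    if [ -z "$ciphers" ]; then
        echo "$conf: missing 'tls_ciphers'" >&2
        return 1
    fi
    # Split the OpenSSL cipher string on ':' and ignore exclusions (!X / -X)
    # before looking for denied algorithms or overly broad keywords.
    if printf '%s\n' "$ciphers" | tr ':' '\n' | grep -Ev '^[!-]' | grep -Eiq "$NON_FIPS_CIPHERS"; then
        echo "$conf: tls_ciphers permits non-FIPS algorithms: $ciphers" >&2
        return 1
    fi
    echo "$conf: compliant (tls_ciphers=$ciphers)"
    return 0
}

# Usage: sh check_ldap_tls.sh /etc/ldap.conf [more files...]
if [ "$#" -gt 0 ]; then
    for f in "$@"; do check_ldap_conf "$f"; done
fi
```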

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(2), CAT|II, CCI|CCI-001453, Group-ID|V-22555, Rule-ID|SV-37627r3_rule, STIG-ID|GEN007980, Vuln-ID|V-22555

Plugin: Unix

Control ID: 1a6d8b76b46af5be545e7156f5917b829e0d3f4de22461465e30afb908d39591