From b89c184a9e7c16febbfe0722f1f5f1171698ba84 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Tue, 25 Dec 2012 14:20:06 -0500 Subject: [PATCH 01/17] Removed AC-2 mapping from ldap_server_config_olcrootpw Setting a root password does not correspond to AC-2. Removing mapping.
(I believe this was LOOSELY associated with AC-2 as it requires that accounts have "a valid access authorization," however this functionality is met within PAM enforcement of passwords (not setting the root password in an LDAP server).) --- RHEL6/input/services/ldap.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/RHEL6/input/services/ldap.xml b/RHEL6/input/services/ldap.xml index 4f2d047..5246370 100644 --- a/RHEL6/input/services/ldap.xml +++ b/RHEL6/input/services/ldap.xml @@ -161,7 +161,7 @@ In addition, be sure to use a reasonably strong hash function. The default hash </description> <!--<ident cce="TODO:CCE" />--> <oval id="ldap_server_config_olcrootpw" /> -<ref nist="AC-2, IA-2" /> +<ref nist="IA-2" /> </Rule> <Rule id="ldap_server_config_certificate_files"> -- 1.7.1
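Review bot: On the `+<ref nist="IA-2" />` line, the mapping that remains should get the same scrutiny that removed AC-2. The rule's description, visible in the hunk context ("be sure to use a reasonably strong hash function"), concerns how the LDAP root password is set and stored, which is authenticator management (IA-5) rather than identification and authentication of users (IA-2). Consider adding IA-5 to the ref, or say in the commit message why IA-2 alone is retained. The context line `<!--<ident cce="TODO:CCE" />-->` also still carries a commented-out placeholder, so the rule has no CCE identifier; that is outside this change but worth tracking while the rule's references are being touched.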
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
