a841e184de
This patch updates the documentation for the developer notes associated with the Cat 2 (Medium) controls applied by the security role. Partial-bug: 1583744 Change-Id: Ic342f33942521db009185585a21208a4688f6ed3
816 B
816 B
The STIG requires SHA512 to be used for hashing password since it is in the list of FIPS 140-2 approved hashing algorithms. This is also the default in Ubuntu 14.04, Ubuntu 16.04, and CentOS 7.
The libuser package isn't installed by default in Ubuntu
or via openstack-ansible. The Ansible tasks will do the following:
- Check to see if libuser is installed
- If it's installed, it will check for the password hashing algorithm
in
/etc/libuser.conf - If libuser is installed and the password hashing algorithm isn't SHA512, an error will be printed and the playbook will fail
Further reading: