From Fedora Project Wiki

m (ldap > LDAP)
Line 15: Line 15:
 
=== SHA-2 support ===
 
=== SHA-2 support ===
  
Fedora now uses the SHA-256 digest algorithm for data verification and authentication in more places than before, migrating from the weaker SHA-1 and MD5 algorithms. Where possible, the migration was transparent; in other places the default configuration was changed or manual configuration is necessary to use the stronger algorithms.
+
Fedora now uses the SHA-256 digest algorithm for data verification and authentication in more places than before, migrating from the weaker SHA-1 and MD5 algorithms. Where possible, the migration was transparent; in other places the default configuration was changed or manual configuration is necessary to use the stronger algorithms.  See [[Hash_algorithm_migration_status#Configuration]] for application-specific instructions.

Revision as of 14:58, 14 April 2009

Security

This section highlights various security items from Fedora.

Fingerprint Readers

Fingerprint readers are now better integrated with Fedora 11. GNOME users can easily setup fingerprint authentication using gnome-about-me, and will allow the ability to login from both Package-x-generic-16.pnggdm and Package-x-generic-16.pnggnome-screensaver.

System Security Services Daemon

The SSSD is intended to provide several key feature enhancements to Fedora. The first being the addition of offline caching for network credentials. Authentication through the SSSD will potentially allow LDAP, NIS, and FreeIPA services to provide an offline mode, to ease the use of centrally managing laptop users.

The LDAP features will also add support for connection pooling. All communication to the LDAP server will happen over a single persistent connection, reducing the overhead of opening a new socket for each request. The SSSD will also add support for multiple LDAP/NIS domains. It will be possible to connect to two or more LDAP/NIS servers acting as separate user namespaces.

SHA-2 support

Fedora now uses the SHA-256 digest algorithm for data verification and authentication in more places than before, migrating from the weaker SHA-1 and MD5 algorithms. Where possible, the migration was transparent; in other places the default configuration was changed or manual configuration is necessary to use the stronger algorithms. See Hash_algorithm_migration_status#Configuration for application-specific instructions.