Kerberos as a FIPS 140-2 Consumer

The Kerberos client installs as the package pkg:/security/kerberos-5, and the KDC manager installs as the package pkg:/security/kerberos-5/kdc.

OpenSSL is the source of encryption for Kerberos in Oracle Solaris 11.4. As the Kerberos administrator, you are responsible for configuring Kerberos servers, the Kerberos database, and Kerberos clients to use the FIPS 140-2 OpenSSL module for encryption.

Several Kerberos configuration files specify the encryption types to use for the KDC database and Kerberos clients. In those files, you must configure Kerberos to use FIPS 140-2 encryption types only and to disallow weak keys.

For the procedure, see How to Configure Kerberos to Run in FIPS 140-2 Mode in Managing Kerberos in Oracle Solaris 11.4.
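The following check is an added example, not part of the Oracle documentation. It reads `krb5.conf` or `kdc.conf` text and reports encryption-type settings outside an approved list, along with an `allow_weak_crypto` value that is not false. The relation names are those of MIT krb5 and are assumed to apply to the files this page refers to; the approved list and the sample configuration are constructed placeholders, so take the real list from the referenced procedure.

```python
import re

# Relations that carry encryption types (MIT krb5 names; assumed to apply here).
ENCTYPE_KEYS = {"default_tgs_enctypes", "default_tkt_enctypes",
                "permitted_enctypes", "supported_enctypes", "master_key_type"}
FALSE_VALUES = {"false", "no", "n", "0", "off", "nil"}

# Placeholder allowlist: replace with the types the referenced procedure names.
APPROVED = {"aes256-cts-hmac-sha1-96"}

# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac-md5
    default_tkt_enctypes = aes256-cts-hmac-sha1-96
[realms]
    EXAMPLE.COM = {
        supported_enctypes = aes256-cts-hmac-sha1-96:normal des-cbc-crc:normal
    }
"""

def audit(conf_text, approved, required=()):
    """Return (line, relation, value) findings; line 0 marks a missing relation."""
    findings, seen = [], set()
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, section header or closing brace
        key, value = (part.strip() for part in line.split("=", 1))
        seen.add(key)
        if key == "allow_weak_crypto" and value.lower() not in FALSE_VALUES:
            findings.append((lineno, key, value))
        elif key in ENCTYPE_KEYS:
            for item in re.split(r"[\s,]+", value):
                enctype = item.split(":", 1)[0]  # drop the ":salt" suffix
                if enctype and enctype not in approved:
                    findings.append((lineno, key, enctype))
    # An unset relation falls back to the library default, so report it.
    findings += [(0, key, "not set") for key in required if key not in seen]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED, required=("default_tgs_enctypes",)):
        print(finding)
```

Run it against each configuration file after editing; an empty result means every listed encryption type is in the approved list and weak keys are not enabled.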

See also: