

Features Affected (UNIX)

The FIPS operational mode can have an effect on the following CA ControlMinder UNIX features:

| Feature | Non-FIPS Mode | FIPS Mode |
|---|---|---|
| PMD update file encryption | Default symmetric key encryption (two-way) | Disabled |
| Trusted Programs | CAPKI SHA-1 and MD5 | CAPKI SHA-1 only |
| Bidirectional password encryption | Default symmetric key encryption | Disabled |
| Unidirectional password encryption | Operating system's crypt/bigcrypt method | Operating system's crypt/bigcrypt method |
| PMD TNG command | Default symmetric key encryption | Disabled |
| CA ControlMinder TNG daemon | Default symmetric key encryption | Disabled |
| LDAP password encryption usage (sebuildla -u -n) | Default symmetric key encryption | Disabled |
| LDAP password encryption generation (seldapcred) | Default symmetric key encryption | Disabled |
| TCP communication | Default symmetric key encryption (two-way) or CAPKI sockets over SSL V2, SSL V3, or TLS V1 | CAPKI sockets over TLS V1 |
| seversion utility | CAPKI SHA-1 | CAPKI SHA-1 |
| Trusted Programs (watchdog and seretrust) | CAPKI SHA-1 | CAPKI SHA-1 |
| Advanced policy management policy distribution | CAPKI SHA-1 signature, and for backwards compatibility, CA ControlMinder internal SHA-1 signature | CAPKI SHA-1 signature only |
| selogrd encryption | Default symmetric key encryption and MD5 | Disabled |
| sechkey key change | Default symmetric key encryption | Disabled |
| iRecorder log file signature | MD5 encryption | Disabled |
| Report Agent | Enabled | Disabled |
| SAM Agent | Enabled | Disabled |
| DMS | Enabled | UNAB endpoints management disabled |

Note: Where a feature is disabled as a result of the FIPS operational mode, the relevant program prints an error message and exits, or, if it runs as a non-interactive process (for example, Report Agent or SAM Agent), writes the error message to the system log.