release-notes/devel/en_US Security.xml,1.15,1.16
Murray McAllister (mdious)
fedora-docs-commits at redhat.com
Sat Mar 15 11:09:21 UTC 2008
Author: mdious
Update of /cvs/docs/release-notes/devel/en_US
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10371/release-notes/en_US
Modified Files:
Security.xml
Log Message:
updating Security as per current content on Beats/Security
Index: Security.xml
===================================================================
RCS file: /cvs/docs/release-notes/devel/en_US/Security.xml,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- Security.xml 8 Oct 2007 23:10:13 -0000 1.15
+++ Security.xml 15 Mar 2008 11:09:18 -0000 1.16
@@ -20,38 +20,31 @@
<title>Security Enhancements</title>
<itemizedlist>
<listitem>
- <para>Fedora continues to improve its many proactive <ulink
- url="http://fedoraproject.org/wiki/Security/Features">security
- features</ulink>, and FORTIFY_SOURCE has now been <ulink
- url="https://www.redhat.com/archives/fedora-devel-announce/2007-September/msg00015.html">enhanced</ulink>
- to cover C++ in addition to C, which prevents many security
- exploits.</para>
+ <para>Fedora continues to improve its many proactive <ulink url="http://fedoraproject.org/wiki/Security/Features">security features</ulink>.
+ </para>
</listitem>
<listitem>
- <para>A brand new graphical firewall configuration tool,
- <package>system-config-firewall</package>, replaces
- <package>system-config-securitylevel</package>.</para>
+ <para>The <package>glibc</package> package in Fedora 8 had support for passwords using SHA-256 and SHA-512 hashing. Previously, only DES and MD5 were available. These tools have been extended in Fedora 9. Password hashing using the SHA-256 and SHA-512 hash functions is now supported.
+ </para>
+ <para>To switch to SHA-256 or SHA-512 on an installed system, use <command>authconfig --passalgo=sha256 --update</command> or <command>authconfig --passalgo=sha512 --update</command>. Alternatively, use the <command>authconfig-gtk</command> GUI tool to configure the hashing method. Existing user accounts will not be affected until their passwords are changed.
+ </para>
+ <para>
+ SHA-512 is used by default on newly installed systems. Other algorithms can be configured only for kickstart installations, by using the <option>--passalgo</option> or <option>--enablemd5</option> options for the kickstart <option>auth</option> command. If your installation does not use kickstart, use <command>authconfig</command> as described above, and then change the root user password, and passwords for other users created after installation.
+ </para>
+ <para>New options were added to <package>libuser</package>, <package>pam</package>, and <package>shadow-utils</package>, to support these password hashing algorithms. Running <command>authconfig</command> configures all these options automatically, so it is not necessary to modify them manually.
+ </para>
</listitem>
<listitem>
- <para>This release offers <ulink
- url="http://danwalsh.livejournal.com/13376.html">Kiosk</ulink>
- functionality via SELinux, among many new enhancements and
- security policy changes.</para>
+ <para>New values for the <option>crypt_style</option> option, and the new options <option>hash_rounds_min</option>, and <option>hash_rounds_max</option>, are now supported in the <option>[defaults]</option> section of <filename>/etc/libuser.conf</filename>. Refer to the <command>libuser.conf(5)</command> man page for details.
+ </para>
</listitem>
<listitem>
- <para>The <package>glibc</package> package in Fedora 8 now has
- <ulink
- url="http://people.redhat.com/drepper/sha-crypt.html">support</ulink>
- for passwords using SHA256 and SHA512 hashing. Before only DES
- and MD5 were available. The tools to create passwords have not
- been extended yet, but if such passwords are created in others
- ways, <package>glibc</package> will recognize and honor
- them.</para>
+ <para>New options, <option>sha256</option>, <option>sha512</option>, and <option>rounds</option>, are now supported by the <filename>pam_unix</filename> PAM module. Refer to the <command>pam_unix(8)</command> man page for details.
+ </para>
</listitem>
<listitem>
- <para>Secure remote management capability is now provided for
- Xen, KVM, and QEMU in Fedora 8 <ulink
- url="http://berrange.com/personal/diary/2007/08/fedora-8-virtualization-work-in">virtualization</ulink>.</para>
+ <para>New options, <option>ENCRYPT_METHOD</option>, <option>SHA_CRYPT_MIN_ROUNDS</option>, and <option>SHA_CRYPT_MAX_ROUNDS</option>, are now supported in <filename>/etc/login.defs</filename>. Refer to the <command>login.defs(5)</command> man page for details. Corresponding options were added to <command>chpasswd(8)</command> and <command>newusers(8)</command>.
+ </para>
</listitem>
</itemizedlist>
</section>
More information about the Fedora-docs-commits
mailing list