release-notes/devel/en_US Security.xml,1.15,1.16

Murray McAllister (mdious) fedora-docs-commits at redhat.com
Sat Mar 15 11:09:21 UTC 2008 

Author: mdious

Update of /cvs/docs/release-notes/devel/en_US
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10371/release-notes/en_US

Modified Files:
	Security.xml 
Log Message:
updating Security as per current content on Beats/Security



Index: Security.xml
===================================================================
RCS file: /cvs/docs/release-notes/devel/en_US/Security.xml,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- Security.xml	8 Oct 2007 23:10:13 -0000	1.15
+++ Security.xml	15 Mar 2008 11:09:18 -0000	1.16
@@ -20,38 +20,31 @@
     <title>Security Enhancements</title>
     <itemizedlist>
       <listitem>
-	<para>Fedora continues to improve its many proactive <ulink
-	    url="http://fedoraproject.org/wiki/Security/Features">security 
-	    features</ulink>, and FORTIFY_SOURCE has now been <ulink
-	    url="https://www.redhat.com/archives/fedora-devel-announce/2007-September/msg00015.html">enhanced</ulink> 
-	  to cover C++ in addition to C, which prevents many security
-	  exploits.</para>
+	      <para>Fedora continues to improve its many proactive <ulink url="http://fedoraproject.org/wiki/Security/Features">security features</ulink>.
+	      </para>
       </listitem>
       <listitem>
-	<para>A brand new graphical firewall configuration tool,
-	  <package>system-config-firewall</package>, replaces
-	  <package>system-config-securitylevel</package>.</para>
+	      <para>The <package>glibc</package> package in Fedora 8 had support for passwords using SHA-256 and SHA-512 hashing. Previously, only DES and MD5 were available. These tools have been extended in Fedora 9. Password hashing using the SHA-256 and SHA-512 hash functions is now supported.
+	      </para>
+	      <para>To switch to SHA-256 or SHA-512 on an installed system, use <command>authconfig --passalgo=sha256 --update</command> or <command>authconfig --passalgo=sha512 --update</command>. Alternatively, use the <command>authconfig-gtk</command> GUI tool to configure the hashing method. Existing user accounts will not be affected until their passwords are changed.
+	      </para>
+	      <para>
+		      SHA-512 is used by default on newly installed systems. Other algorithms can be configured only for kickstart installations, by using the <option>--passalgo</option> or <option>--enablemd5</option> options for the kickstart <option>auth</option> command. If your installation does not use kickstart, use <command>authconfig</command> as described above, and then change the root user password, and passwords for other users created after installation.
+	      </para>
+	      <para>New options were added to <package>libuser</package>, <package>pam</package>, and <package>shadow-utils</package>, to support these password hashing algorithms. Running <command>authconfig</command> configures all these options automatically, so it is not necessary to modify them manually.
+	      </para>
       </listitem>
       <listitem>
-	<para>This release offers <ulink
-	    url="http://danwalsh.livejournal.com/13376.html">Kiosk</ulink> 
-	  functionality via SELinux, among many new enhancements and
-	  security policy changes.</para>
+	      <para>New values for the <option>crypt_style</option> option, and the new options <option>hash_rounds_min</option>, and <option>hash_rounds_max</option>, are now supported in the <option>[defaults]</option> section of <filename>/etc/libuser.conf</filename>. Refer to the <command>libuser.conf(5)</command> man page for details.
+	      </para>
       </listitem>
       <listitem>
-	<para>The <package>glibc</package> package in Fedora 8 now has
-	  <ulink
-	    url="http://people.redhat.com/drepper/sha-crypt.html">support</ulink> 
-	  for passwords using SHA256 and SHA512 hashing. Before only DES
-	  and MD5 were available. The tools to create passwords have not
-	  been extended yet, but if such passwords are created in others
-	  ways, <package>glibc</package> will recognize and honor
-	  them.</para>
+	      <para>New options, <option>sha256</option>, <option>sha512</option>, and <option>rounds</option>, are now supported by the <filename>pam_unix</filename> PAM module. Refer to the <command>pam_unix(8)</command> man page for details.
+	      </para>
       </listitem>
       <listitem>
-	<para>Secure remote management capability is now provided for
-	  Xen, KVM, and QEMU in Fedora 8 <ulink
-	    url="http://berrange.com/personal/diary/2007/08/fedora-8-virtualization-work-in">virtualization</ulink>.</para>
+	      <para>New options, <option>ENCRYPT_METHOD</option>, <option>SHA_CRYPT_MIN_ROUNDS</option>, and <option>SHA_CRYPT_MAX_ROUNDS</option>, are now supported in <filename>/etc/login.defs</filename>. Refer to the <command>login.defs(5)</command> man page for details. Corresponding options were added to <command>chpasswd(8)</command> and <command>newusers(8)</command>.
+	      </para>
       </listitem>
     </itemizedlist>
   </section>

More information about the Fedora-docs-commits mailing list