(→Security: added SSSD) |
|||
Line 19: | Line 19: | ||
=== SHA-2 support === | === SHA-2 support === | ||
Fedora now uses the SHA-256 digest algorithm for data verification and authentication in more places than before, migrating from the weaker SHA-1 and MD5 algorithms. Where possible, the migration was transparent; in other places the default configuration was changed or manual configuration is necessary to use the stronger algorithms. |
Revision as of 18:45, 2 April 2009
Security
This section highlights various security items from Fedora.
Fingerprint Readers
Fingerprint readers are now better integrated with Fedora 11. Gnome users can easily setup fingerprint authentication using gnome-about-me
, and will allow the ability to login from both gdm
and gnome-screensaver
.
DNSSEC
DNSSEC (DNS SECurity) is mechanism which provides integrity and authenticity of DNS data.
System Security Services Daemon
The SSSD is intended to provide several key feature enhancements to Fedora. The first being the addition of offline caching for network credentials. Authentication through the SSSD will potentially allow LDAP, NIS, and FreeIPA services to provide an offline mode, to ease the use of centrally managing laptop users.
The LDAP features will also add support for connection pooling. All communication to the ldap server will happen over a single persistent connection, reducing the overhead of opening a new socket for each request. The SSSD will also add support for multiple LDAP/NIS domains. It will be possible to connect to two or more LDAP/NIS servers acting as separate user namespaces.
SHA-2 support
Fedora now uses the SHA-256 digest algorithm for data verification and authentication in more places than before, migrating from the weaker SHA-1 and MD5 algorithms. Where possible, the migration was transparent; in other places the default configuration was changed or manual configuration is necessary to use the stronger algorithms.