From Fedora Project Wiki

(→‎Security: added fingerprint and dnsec)
(→‎Security: added SSSD)
Line 11: Line 11:
DNSSEC (DNS SECurity) is mechanism which provides integrity and authenticity of DNS data.
DNSSEC (DNS SECurity) is mechanism which provides integrity and authenticity of DNS data.


=== System Security Services Daemon ===
 
The SSSD is intended to provide several key feature enhancements to Fedora. The first being the addition of offline caching for network credentials. Authentication through the SSSD will potentially allow LDAP, NIS, and FreeIPA services to provide an offline mode, to ease the use of centrally managing laptop users.
 
The LDAP features will also add support for connection pooling. All communication to the ldap server will happen over a single persistent connection, reducing the overhead of opening a new socket for each request. The SSSD will also add support for multiple LDAP/NIS domains. It will be possible to connect to two or more LDAP/NIS servers acting as separate user namespaces.


=== SHA-2 support ===
=== SHA-2 support ===


TBD: application-specific notes about SHA-2 will go here.  See [[Features/StrongerHashes#Release_Notes]] and [[Hash_algorithm_migration_status#Configuration]].
TBD: application-specific notes about SHA-2 will go here.  See [[Features/StrongerHashes#Release_Notes]] and [[Hash_algorithm_migration_status#Configuration]].

Revision as of 18:40, 2 April 2009

Security

This section highlights various security items from Fedora.

Fingerprint Readers

Fingerprint readers are now better integrated with Fedora 11. Gnome users can easily setup fingerprint authentication using gnome-about-me, and will allow the ability to login from both gdm and gnome-screensaver.

DNSSEC

DNSSEC (DNS SECurity) is mechanism which provides integrity and authenticity of DNS data.

System Security Services Daemon

The SSSD is intended to provide several key feature enhancements to Fedora. The first being the addition of offline caching for network credentials. Authentication through the SSSD will potentially allow LDAP, NIS, and FreeIPA services to provide an offline mode, to ease the use of centrally managing laptop users.

The LDAP features will also add support for connection pooling. All communication to the ldap server will happen over a single persistent connection, reducing the overhead of opening a new socket for each request. The SSSD will also add support for multiple LDAP/NIS domains. It will be possible to connect to two or more LDAP/NIS servers acting as separate user namespaces.

SHA-2 support

TBD: application-specific notes about SHA-2 will go here. See Features/StrongerHashes#Release_Notes and Hash_algorithm_migration_status#Configuration.