16 lines
561 B
ReStructuredText
Raw Normal View History

The STIG requires SHA512 to be used for hashing password since it is
in the list of FIPS 140-2 approved hashing algorithms. This is also the
default in Ubuntu 14.04.
The Ansible tasks will verify that the secure default is still set in the
system's PAM configuration. If it has been altered, the playbook will fail
and display an error.
Further reading:
* `FIPS 140-2 on Wikipedia`_
* `FIPS 140-2 from NIST`_
.. _FIPS 140-2 on Wikipedia: https://en.wikipedia.org/wiki/FIPS_140-2
.. _FIPS 140-2 from NIST: http://csrc.nist.gov/groups/STM/cmvp/standards.html