Chapter 90. Identity Management security settings

This section describes security-related features of Identity Management.

90.1. How Identity Management applies default security settings

By default, Identity Management (IdM) on RHEL 8 uses the system-wide crypto policy. The benefit of this policy is that you do not need to harden individual IdM components manually.

Important

Red Hat recommends that you use the system-wide crypto policy. Changing individual security settings can break components of IdM. For example, Java in RHEL 8 does not fully support the TLS 1.3 protocol. Therefore, using this protocol can cause failures in IdM.

Additional resources

For further details about the system-wide crypto policies, see the crypto-policies(7) man page.

90.2. Anonymous LDAP binds in Identity Management

By default, anonymous binds to the Identity Management (IdM) LDAP server are enabled. Anonymous binds can expose certain configuration settings or directory values. However, some utilities, such as realmd, or older RHEL clients require anonymous binds enabled to discover domain settings when enrolling a client.

Additional resources

For details about disabling anonymous binds in the IdM LDAP server, see the Disabling Anonymous Binds section in the Red Hat Directory Server 11 Administration Guide.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Red Hat Training

Chapter 90. Identity Management security settings

90.1. How Identity Management applies default security settings

90.2. Anonymous LDAP binds in Identity Management