Use Case
FIPS 140-2 is a security standard for cryptographic modules, which is widely accepted and referenced by other standards organizations such as Payment Card Industry (PCI), Internet Engineering Task Force (IETF), and is in the process of moving towards an ISO standard. It covers cryptographic modules, which is a term that refers to software or hardware performing cryptographic operations.
Symptoms
Enabling FIPS in linux systems such as Red Hat Enterprise Linux, CentOS, etc disables certain modules that are not FIPS 140-2 compliant. This breaks the ability to perform some functions by the agent for linux when installed on a system with the FIPS mode enabled.
Root Cause
Attempting to backup to an SMB/CIFS location using the agent for linux while the FIPS mode is enabled will result in an error due to md4 and md5 being disabled which prevents users from using NTLM, NTLMv2 or NTLMSSP authentication. Additionally signing cannot be used since it uses md5. Any CIFS mount which uses these methods will break when FIPS mode is enabled.
Solution
Our recommendation is to use NFS when possible. Please reference section 5.3 of our User Guide for more information.