DDL Reference Guide » Configuration Mode

flag no-fips

Mode: Configuration Mode

Description:

The no-fips flag indicates that the object or attribute is not allowed in FIPS mode.

Example:

Only sha1 encryption satisfy FIPS requirement for login passwords, md5
and des cannot be used for FIPS.

system.cnf.dd

        object password {
            ....

            attribute format {
                type enum string {
                    choice sha1 {
                        help "Secure Hash Algorithm 1";
                    }
                    choice md5 {
                        flag no-fips;
                        help "Message Digest 5";
                    }
                    choice des {
                        flag no-fips;
                        help "Digital Encryption Standard";
                    }
                }
            }
        }

Display:

FIPS router
        user@frouter> show version
        Hostname: frouter
        Model: t320
        JUNOS Software Release [8.1R1] (FIPS edition)
        user@frouter> configure
        Entering configuration mode

        [edit]
        user@frouter# set system login password format ?
        Possible completions:
          sha1                 Secure Hash Algorithm 1
        [edit]

non-FIPS router
        user@router> show version
        Hostname: router
        JUNOS Software Release [8.1R1]
        user@router> configure
        Entering configuration mode

        [edit]
        user@router# set system login password format ?
        Possible completions:
          des                  Digital Encryption Standard
          md5                  Message Digest 5
          sha1                 Secure Hash Algorithm 1
        [edit]

Topics for further reading:

See also:

Reference (to programmers guide/style guide):

© 2007-2008 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are trademarks of Juniper Networks, Inc.
Generated on Sun May 30 20:23:12 2010 for DDL Reference Guide by doxygen 1.4.5