[Freeipa-devel] [DESIGN] FreeIPA on FIPS + NSS question
Standa Laznicka
slaznick at redhat.com
Fri Dec 16 12:26:36 UTC 2016
Hello,

I started a design page for FreeIPA on FIPS-enabled systems:
https://www.freeipa.org/page/V4/FreeIPA-on-FIPS

Tomáš and I are still investigating which things will need to
change in order to have FreeIPA on FIPS-enabled RHEL. So far I have
managed to install and run a patched FreeIPA server and client and
connect them together.

There are some issues with NSS when trying to create an HTTPS request
(apparently, NSS requires an NSS database password to set up an SSL
connection). I am actually thinking of removing NSSConnection from the
client altogether.

Best regards,
Standa

P.S.: we've got some Ansible scripts that help us set up FIPS in our
testing environment and build FreeIPA on RHEL 7.3 in our internal IdM
GitLab (sorry, communities, we'll release them to the public later, they
might currently make your eyes bleed as we're not so good w/ Ansible yet).