[Freeipa-devel] [DESIGN] FreeIPA on FIPS + NSS question

Rob Crittenden rcritten at redhat.com
Fri Dec 16 14:23:38 UTC 2016


Standa Laznicka wrote:
> Hello,
> 
> I started a design page for FreeIPA on FIPS-enabled systems:
> https://www.freeipa.org/page/V4/FreeIPA-on-FIPS
> 
> Me and Tomáš are still investigating what of all things will need to
> change in order to have FreeIPA on FIPS-enabled RHEL. So far I managed
> to install and run patched FreeIPA server and client and connect them
> together.
> 
> There are some issues with NSS when trying to create an HTTPS request
> (apparently, NSS requires an NSS database password to set up an SSL
> connection). I am actually thinking of removing NSSConnection from the
> client altogether.

Can you expand on this a bit? NSS should only need a pin when it needs
access to a private key. What connection(s) are you talking about, and
what would you replace NSSConnection with?

rob



