[Freeipa-devel] [PATCH] 0008 Do not allow installation in FIPS mode
Rob Crittenden
rcritten at redhat.com
Mon Jun 27 13:57:46 UTC 2016
Gabe Alford wrote:
> On Mon, Jun 27, 2016 at 12:38 AM, Florence Blanc-Renaud
> <frenaud at redhat.com <mailto:frenaud at redhat.com>> wrote:
>
> Hi,
>
> this fix is a port of Bug 1131570 - Do not allow IdM
> server/replica/client installation in a FIPS-140 mode
> It prevents installation of FreeIPA if the host is fips-enabled.
>
> https://fedorahosted.org/freeipa/ticket/5761
>
>
> Shouldn't this be about fixing FreeIPA to allow installation/operation
> in FIPS mode rather than disabling it? There are many environments where
> FIPS is required, and FreeIPA should support it.
This is a stop-gap measure to provide users with reasonable feedback on
the current state of things.
Getting FIPS working, particularly in the server, is a somewhat
non-trivial task.
rob
More information about the Freeipa-devel
mailing list