[Freeipa-users] IPA and FIPS 140-2
Martin Kosek
mkosek at redhat.com
Fri Aug 5 11:33:21 UTC 2016
Are you now asking about when upstream version is FIPS compliant or some
downstream distribution? If you are asking about RHEL, as indicated by
https://bugzilla.redhat.com/show_bug.cgi?id=1125174
the bug is still in a NEW state. Given the state of RHEL-7.3 life cycle, it is
too late to add it there.
However, as Rob mentioned, it would really great if you file a support case (if
we are talking about RHEL) and get it linked to that bug. Due to the interest,
it is already high in the RHEL-7.4 considerations, but adding +1 won't hurt and
you may also receive updates on development status.
Martin
On 08/04/2016 06:40 PM, Michael Sean Conley wrote:
> Is there any indication of a timeframe for it to become FIPS compliant? If we
> are talking weeks, rather than years...
>
> *Michael Sean Conley*
>
>
> Inactive hide details for Rob Crittenden ---08/04/2016 11:37:23 AM---Michael
> Sean Conley wrote: > Does ANYONE have any experienRob Crittenden ---08/04/2016
> 11:37:23 AM---Michael Sean Conley wrote: > Does ANYONE have any experience
> getting IPA to work with FIPS?
>
> From: Rob Crittenden <rcritten at redhat.com>
> To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>,
> freeipa-users at redhat.com
> Date: 08/04/2016 11:37 AM
> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
>
> -------------------------------------------------------------------------------
>
>
>
> Michael Sean Conley wrote:
>> Does ANYONE have any experience getting IPA to work with FIPS?
>>
>> We're trying desperately to get this going, as we have some requirements
>> that the Identity Management Tool we choose must be FIPS 140-2 compliant.
>
> No, it doesn't work in FIPS mode yet. If you open a support case with
> Red Hat your case can be added to
> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
>
> While most, if not all, of the individual components can run in FIPS
> mode there are a lot of moving parts to coordinate to ensure they comply
> with the FIPS Security Policy and to handle some corner cases in the
> management framework.
>
> rob
>
>
>
More information about the Freeipa-users
mailing list