[Freeipa-devel] [freeipa PR#482][comment] Don't count service/host/user cert md5 fprints in FIPS
MartinBasti
freeipa-github-notification at redhat.com
Mon Feb 20 14:14:39 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/482
Title: #482: Don't count service/host/user cert md5 fprints in FIPS
MartinBasti commented:
"""
I don't think that this is a good way how to handle backward compatibility. With FIPS mode enabled there is no md5 backward compatibility and users should adapt their automation. In case that IPA API is used directly it will contain a garbage and it may not be catched faster enough by any automation on user side. We should not provide anything related to md5 under FIPS mode and let any possible automation using IPA API to fail early on missing values.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/482#issuecomment-281089720
More information about the Freeipa-devel
mailing list