[Freeipa-users] IPA and FIPS 140-2
Rob Crittenden
rcritten at redhat.com
Thu Aug 4 17:36:18 UTC 2016
Anon Lister wrote:
> I'd also like to throw in that the requirements you are facing are
> likely requiring FIPS Certified, not just compliant, as I'm somewhat
> familiar with them. (800-53 or 800-171)
>
> Essentially it will have to fall back on the FIPS compliant openssl
> implementation, however I believe there are other crypto routines used
> in free IPA that are used to protect the confidentiality of information?
> Can we get a response from devs on that?
IPA mostly uses NSS for its crypto.
rob
> The crypto only has to be FIPS if protecting confidentiality is its use.
> Crypto protecting integrity only does not need to be FIPS.
>
>
> On Aug 4, 2016 9:27 AM, "Michael Sean Conley"
> <Michael.Sean.Conley at raytheon.com
> <mailto:Michael.Sean.Conley at raytheon.com>> wrote:
>
> Does ANYONE have any experience getting IPA to work with FIPS?
>
> We're trying desperately to get this going, as we have some
> requirements that the Identity Management Tool we choose must be
> FIPS 140-2 compliant.
>
> AAAARRRRGGHHH
>
> *Michael Sean Conley*
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> <https://www.redhat.com/mailman/listinfo/freeipa-users>
> Go to http://freeipa.org for more info on the project
>
>
>
>
More information about the Freeipa-users
mailing list