[Freeipa-users] IPA and FIPS 140-2
Michael Sean Conley
Michael.Sean.Conley at raytheon.com
Mon Aug 8 14:24:00 UTC 2016
Yep, did so right away. and yes, this is for the future state of IPA.
Michael Sean Conley
Hardware/Infrastructure
Intelligence, Information and Services
Raytheon Company
972-643-9887 (office)
Michael.Sean.Conley at raytheon.com
From: Martin Kosek <mkosek at redhat.com>
To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>, Rob
Crittenden <rcritten at redhat.com>
Cc: freeipa-users at redhat.com
Date: 08/05/2016 06:33 AM
Subject: Re: [Freeipa-users] IPA and FIPS 140-2
Are you now asking about when upstream version is FIPS compliant or some
downstream distribution? If you are asking about RHEL, as indicated by
https://bugzilla.redhat.com/show_bug.cgi?id=1125174
the bug is still in a NEW state. Given the state of RHEL-7.3 life cycle, it
is
too late to add it there.
However, as Rob mentioned, it would really great if you file a support case
(if
we are talking about RHEL) and get it linked to that bug. Due to the
interest,
it is already high in the RHEL-7.4 considerations, but adding +1 won't hurt
and
you may also receive updates on development status.
Martin
On 08/04/2016 06:40 PM, Michael Sean Conley wrote:
> Is there any indication of a timeframe for it to become FIPS compliant?
If we
> are talking weeks, rather than years...
>
> *Michael Sean Conley*
>
>
> Inactive hide details for Rob Crittenden ---08/04/2016 11:37:23
AM---Michael
> Sean Conley wrote: > Does ANYONE have any experienRob Crittenden
---08/04/2016
> 11:37:23 AM---Michael Sean Conley wrote: > Does ANYONE have any
experience
> getting IPA to work with FIPS?
>
> From: Rob Crittenden <rcritten at redhat.com>
> To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>,
> freeipa-users at redhat.com
> Date: 08/04/2016 11:37 AM
> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
>
>
-------------------------------------------------------------------------------
>
>
>
> Michael Sean Conley wrote:
>> Does ANYONE have any experience getting IPA to work with FIPS?
>>
>> We're trying desperately to get this going, as we have some requirements
>> that the Identity Management Tool we choose must be FIPS 140-2
compliant.
>
> No, it doesn't work in FIPS mode yet. If you open a support case with
> Red Hat your case can be added to
> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
>
> While most, if not all, of the individual components can run in FIPS
> mode there are a lot of moving parts to coordinate to ensure they comply
> with the FIPS Security Policy and to handle some corner cases in the
> management framework.
>
> rob
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/193e0b69/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/193e0b69/attachment.gif>
More information about the Freeipa-users
mailing list