[Freeipa-users] IPA and FIPS 140-2

Martin Kosek mkosek at redhat.com
Tue Aug 9 06:20:26 UTC 2016


Ok, good! BTW, I opened the IPA and FIPS bug to the public, so that everyone
can track the progress:

https://bugzilla.redhat.com/show_bug.cgi?id=1125174

Martin

On 08/08/2016 04:24 PM, Michael Sean Conley wrote:
> Yep, did so right away. And yes, this is for the future state of IPA.
> 
> 
> *Michael Sean Conley*
> Hardware/Infrastructure
> Intelligence, Information and Services
> *Raytheon Company*
> 972-643-9887 (office)
> 
> Michael.Sean.Conley at raytheon.com
> 
> From: Martin Kosek <mkosek at redhat.com>
> To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>, Rob Crittenden
> <rcritten at redhat.com>
> Cc: freeipa-users at redhat.com
> Date: 08/05/2016 06:33 AM
> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
> 
> -------------------------------------------------------------------------------
> 
> 
> 
> Are you now asking about when upstream version is FIPS compliant or some
> downstream distribution? If you are asking about RHEL, as indicated by
> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
> the bug is still in a NEW state. Given the state of RHEL-7.3 life cycle, it is
> too late to add it there.
> 
> However, as Rob mentioned, it would be really great if you file a support case (if
> we are talking about RHEL) and get it linked to that bug. Due to the interest,
> it is already high in the RHEL-7.4 considerations, but adding +1 won't hurt and
> you may also receive updates on development status.
> 
> Martin
> 
> On 08/04/2016 06:40 PM, Michael Sean Conley wrote:
>> Is there any indication of a timeframe for it to become FIPS compliant?  If we
>> are talking weeks, rather than years...
>>
>> *Michael Sean Conley*
>>
>>
>> From: Rob Crittenden <rcritten at redhat.com>
>> To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>,
>> freeipa-users at redhat.com
>> Date: 08/04/2016 11:37 AM
>> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
>>
>> -------------------------------------------------------------------------------
>>
>>
>>
>> Michael Sean Conley wrote:
>>> Does ANYONE have any experience getting IPA to work with FIPS?
>>>
>>> We're trying desperately to get this going, as we have some requirements
>>> that the Identity Management Tool we choose must be FIPS 140-2 compliant.
>>
>> No, it doesn't work in FIPS mode yet. If you open a support case with
>> Red Hat your case can be added to
>> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
>>
>> While most, if not all, of the individual components can run in FIPS
>> mode there are a lot of moving parts to coordinate to ensure they comply
>> with the FIPS Security Policy and to handle some corner cases in the
>> management framework.
>>
>> rob
>>
>>
>>
> 
> 



