<html><body> Yep, did so right away. and yes, this is for the future state of IPA. Michael Sean Conley Hardware/Infrastructure Intelligence, Information and Services Raytheon Company 972-643-9887 (office) Michael.Sean.Conley@raytheon.com <img width="16" height="16" src="cid:1__=09BB0A9ADFDC8ABD8f9e8a93df9@raytheon.com" border="0" alt="Inactive hide details for Martin Kosek ---08/05/2016 06:33:27 AM---Are you now asking about when upstream version is FIPS compl">Martin Kosek ---08/05/2016 06:33:27 AM---Are you now asking about when upstream version is FIPS compliant or some downstream distribution? If From: Martin Kosek <mkosek@redhat.com> To: Michael Sean Conley <Michael.Sean.Conley@raytheon.com>, Rob Crittenden <rcritten@redhat.com> Cc: freeipa-users@redhat.com Date: 08/05/2016 06:33 AM Subject: Re: [Freeipa-users] IPA and FIPS 140-2 <hr width="100%" size="2" align="left" noshade style="color:#8091A5; "> <tt>Are you now asking about when upstream version is FIPS compliant or some downstream distribution? If you are asking about RHEL, as indicated by </tt><tt><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1125174">https://bugzilla.redhat.com/show_bug.cgi?id=1125174</a></tt><tt> the bug is still in a NEW state. Given the state of RHEL-7.3 life cycle, it is too late to add it there. However, as Rob mentioned, it would really great if you file a support case (if we are talking about RHEL) and get it linked to that bug. Due to the interest, it is already high in the RHEL-7.4 considerations, but adding +1 won't hurt and you may also receive updates on development status. Martin On 08/04/2016 06:40 PM, Michael Sean Conley wrote: > Is there any indication of a timeframe for it to become FIPS compliant? If we > are talking weeks, rather than years... > > *Michael Sean Conley* > > > Inactive hide details for Rob Crittenden ---08/04/2016 11:37:23 AM---Michael > Sean Conley wrote: > Does ANYONE have any experienRob Crittenden ---08/04/2016 > 11:37:23 AM---Michael Sean Conley wrote: > Does ANYONE have any experience > getting IPA to work with FIPS? > > From: Rob Crittenden <rcritten@redhat.com> > To: Michael Sean Conley <Michael.Sean.Conley@raytheon.com>, > freeipa-users@redhat.com > Date: 08/04/2016 11:37 AM > Subject: Re: [Freeipa-users] IPA and FIPS 140-2 > > ------------------------------------------------------------------------------- > > > > Michael Sean Conley wrote: >> Does ANYONE have any experience getting IPA to work with FIPS? >> >> We're trying desperately to get this going, as we have some requirements >> that the Identity Management Tool we choose must be FIPS 140-2 compliant. > > No, it doesn't work in FIPS mode yet. If you open a support case with > Red Hat your case can be added to > </tt><tt><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1125174">https://bugzilla.redhat.com/show_bug.cgi?id=1125174</a></tt><tt> > > While most, if not all, of the individual components can run in FIPS > mode there are a lot of moving parts to coordinate to ensure they comply > with the FIPS Security Policy and to handle some corner cases in the > management framework. > > rob > > > </tt> </body></html>