This could be in "report an issue" territory I think in that case. Seems easy to reproduce.
> On 30 Aug 2019, at 02:15, Paul Whitney <paul.whit...@mac.com> wrote: > > Hi William, > > It is an issue with FIPS. You are correct there are differences between the > pin.txt file used in admin-serv and the slap instances. However, I went into > grub.conf and changed fips=1 to fips=0. Rebooted the system and the > dirsrv-admin process started right up. DISA hardening requires FIPS enabled > OS. So this may be one of those issues that will come back again. In the > meantime, we will look at finding a waiver. > > > Thanks, > Paul > >> On Aug 28, 2019, at 7:10 PM, William Brown <wbr...@suse.de> wrote: >> >> If memory serves correctly ... there are some un-resolved issues between >> dirsrv-admin + fips. I remember discussing this with Mark as something that >> may fall into the "fix when someone runs into it" because that combination >> we thought would be rare. >> >> But I'm not sure that this issue here is a fips one? I've seen another issue >> lately where the dirsrv-admin used a different pin.txt to the >> dirsrvinstances, but I'm not sure of the details. >> >> Are there fresh installs of ds? Or upgrades? >> >>> On 28 Aug 2019, at 05:51, Paul Whitney <paul.whit...@chesapeake-it.com> >>> wrote: >>> >>> Hi guys, >>> >>> I have SSL enabled both slapd instances and dirsrv-admin on FIPS enabled >>> CentOS 7. The instances seem to start up no problem. However, the admin >>> console (dirsrv-admin) is complaining the password credentials are not >>> valid for the NSS FIPS 140-2 DB even through the exact same credentials are >>> presented to the SLAPD instances. I am using a pin.txt file in the correct >>> format for both SLAPD and DIRSRV-ADMIN. >>> >>> Are there compatibility issues with FIPS and 389-DS admin-serv? >>> >>> Paul M. Whitney >>> _______________________________________________ >>> 389-users mailing list -- 389-users@lists.fedoraproject.org >>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org >>> Fedora Code of Conduct: >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: >>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >> >> — >> Sincerely, >> >> William Brown >> >> Senior Software Engineer, 389 Directory Server >> SUSE Labs >> _______________________________________________ >> 389-users mailing list -- 389-users@lists.fedoraproject.org >> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
