Hello,

I started a design page for FreeIPA on FIPS-enabled systems: https://www.freeipa.org/page/V4/FreeIPA-on-FIPS

Me and Tomáš are still investigating what of all things will need to change in order to have FreeIPA on FIPS-enabled RHEL. So far I managed to install and run patched FreeIPA server and client and connect them together.

There are some issues with NSS when trying to create an HTTPS request (apparently, NSS requires an NSS database password to set up an SSL connection). I am actually thinking of removing NSSConnection from the client altogether.

Best regards,
Standa

P.S: we've got some Ansible scripts that help us setup FIPS in our testing environment and build FreeIPA on RHEL 7.3 in our internal IdM gitlab (sorry, communities, we'll release them to the public later, they might currently make your eyes bleed as we're not so good w/ Ansible yet).

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to