Standa Laznicka wrote: > Hello, > > I started a design page for FreeIPA on FIPS-enabled systems: > https://www.freeipa.org/page/V4/FreeIPA-on-FIPS > > Me and Tomáš are still investigating what of all things will need to > change in order to have FreeIPA on FIPS-enabled RHEL. So far I managed > to install and run patched FreeIPA server and client and connect them > together. > > There are some issues with NSS when trying to create an HTTPS request > (apparently, NSS requires an NSS database password to set up an SSL > connection). I am actually thinking of removing NSSConnection from the > client altogether.
Can you expand on this a bit? NSS should only need a pin when it needs access to a private key. What connection(s) are you talking about, and what would you replace NSSConnection with? rob -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code