Standa Laznicka wrote:
> Hello,
> 
> I started a design page for FreeIPA on FIPS-enabled systems:
> https://www.freeipa.org/page/V4/FreeIPA-on-FIPS
> 
> Me and Tomáš are still investigating what of all things will need to
> change in order to have FreeIPA on FIPS-enabled RHEL. So far I managed
> to install and run patched FreeIPA server and client and connect them
> together.
> 
> There are some issues with NSS when trying to create an HTTPS request
> (apparently, NSS requires an NSS database password to set up an SSL
> connection). I am actually thinking of removing NSSConnection from the
> client altogether.

Can you expand on this a bit? NSS should only need a pin when it needs
access to a private key. What connection(s) are you talking about, and
what would you replace NSSConnection with?

rob

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to