URL: https://github.com/freeipa/freeipa/pull/482
Title: #482: Don't count service/host/user cert md5 fprints in FIPS

MartinBasti commented:
I don't think that this is a good way how to handle backward compatibility. 
With FIPS mode enabled there is no md5 backward compatibility and users should 
adapt their automation. In case that  IPA API is used directly it will contain 
a garbage and it may not be catched faster enough by any automation on user 
side. We should not provide anything related to md5 under FIPS mode and let any 
possible automation using IPA API to fail early on missing values.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to