> > On Friday, July 8th, 2022 at 1:02 PM, Rob Crittenden [email protected] > > wrote: > >
> > > Not sure what you mean by "wire traffic". It's a vault so perhaps you > > > stored some keys there. IPA already encrypts all its own internal traffic. > > > > When I first installed FreeIPA it did not yet default to encrypted traffic > > for all accesses. > > > Can you expand on this? Literally all the KRA does is store secrets. It > does not protect traffic unless you manually use those secrets to do so. > Sorry for muddling my description. I was attempting to only show relative time frames. At about the same time, I was making changes to get wire traffic encrypted and ALSO thinking of switching some of my libvirt VMs to containers, which would require shared vaults. I made my changes for encrypted traffic about 6 weeks before the release that heralded all traffic being encrypted by default. KRA was installed but no vaults actually deployed since I decided to stick with VMs for now. > There are URI records like: > > kpasswd.example.test. 3600 IN URI 0 100 "krb5srv:m:tcp:ipa.example.test." Thanks. > > The word match for 'secret=(\w+)$' fails if the first character of the > > secret isn't alphanumeric. It would incorrectly handle a secret with > > embedded special characters, though I don't think it would trigger an > > error, except when the initial alphanumeric portion of the secret was in > > fact different. > > > Ok yeah, bad regex. Reported at https://github.com/freeipa/freeipa-healthcheck/issues/275 Best regards, Eric
signature.asc
Description: OpenPGP digital signature
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
