Anon Lister wrote:
I'd also like to throw in that the requirements you are facing are
likely requiring FIPS Certified, not just compliant, as I'm somewhat
familiar with them. (800-53 or 800-171)

Essentially it will have to fall back on the FIPS compliant openssl
implementation, however I believe there are other crypto routines used
in free IPA that are used to protect the confidentiality of information?
Can we get a response from devs on that?

IPA mostly uses NSS for its crypto.

rob

The crypto only has to be FIPS if protecting confidentiality is its use.
Crypto protecting integrity only does not need to be FIPS.


On Aug 4, 2016 9:27 AM, "Michael Sean Conley"
<michael.sean.con...@raytheon.com
<mailto:michael.sean.con...@raytheon.com>> wrote:

    Does ANYONE have any experience getting IPA to work with FIPS?

    We're trying desperately to get this going, as we have some
    requirements that the Identity Management Tool we choose must be
    FIPS 140-2 compliant.

    AAAARRRRGGHHH

    *Michael Sean Conley*


    --
    Manage your subscription for the Freeipa-users mailing list:
    https://www.redhat.com/mailman/listinfo/freeipa-users
    <https://www.redhat.com/mailman/listinfo/freeipa-users>
    Go to http://freeipa.org for more info on the project





--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to