Yep, did so right away.  and yes, this is for the future state of IPA.

Michael Sean Conley
Hardware/Infrastructure
Intelligence, Information and Services
Raytheon Company
972-643-9887 (office)

michael.sean.con...@raytheon.com



From:   Martin Kosek <mko...@redhat.com>
To:     Michael Sean Conley <michael.sean.con...@raytheon.com>, Rob
            Crittenden <rcrit...@redhat.com>
Cc:     freeipa-users@redhat.com
Date:   08/05/2016 06:33 AM
Subject:        Re: [Freeipa-users] IPA and FIPS 140-2



Are you now asking about when upstream version is FIPS compliant or some
downstream distribution? If you are asking about RHEL, as indicated by
https://bugzilla.redhat.com/show_bug.cgi?id=1125174
the bug is still in a NEW state. Given the state of RHEL-7.3 life cycle, it
is
too late to add it there.

However, as Rob mentioned, it would really great if you file a support case
(if
we are talking about RHEL) and get it linked to that bug. Due to the
interest,
it is already high in the RHEL-7.4 considerations, but adding +1 won't hurt
and
you may also receive updates on development status.

Martin

On 08/04/2016 06:40 PM, Michael Sean Conley wrote:
> Is there any indication of a timeframe for it to become FIPS compliant?
If we
> are talking weeks, rather than years...
>
> *Michael Sean Conley*
>
>
> Inactive hide details for Rob Crittenden ---08/04/2016 11:37:23
AM---Michael
> Sean Conley wrote: > Does ANYONE have any experienRob Crittenden
---08/04/2016
> 11:37:23 AM---Michael Sean Conley wrote: > Does ANYONE have any
experience
> getting IPA to work with FIPS?
>
> From: Rob Crittenden <rcrit...@redhat.com>
> To: Michael Sean Conley <michael.sean.con...@raytheon.com>,
> freeipa-users@redhat.com
> Date: 08/04/2016 11:37 AM
> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
>
>
-------------------------------------------------------------------------------

>
>
>
> Michael Sean Conley wrote:
>> Does ANYONE have any experience getting IPA to work with FIPS?
>>
>> We're trying desperately to get this going, as we have some requirements
>> that the Identity Management Tool we choose must be FIPS 140-2
compliant.
>
> No, it doesn't work in FIPS mode yet. If you open a support case with
> Red Hat your case can be added to
> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
>
> While most, if not all, of the individual components can run in FIPS
> mode there are a lot of moving parts to coordinate to ensure they comply
> with the FIPS Security Policy and to handle some corner cases in the
> management framework.
>
> rob
>
>
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to