[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-21 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

MartinBasti commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/3372ad2766c0d182fa88c8bc28cf43477dc4cb3b
https://fedorahosted.org/freeipa/changeset/7292890042677ae40faa44753ebf570db6c19e7c
https://fedorahosted.org/freeipa/changeset/62e884ff7f037a28a15d61cc9fa9c46e5c40cda5
https://fedorahosted.org/freeipa/changeset/397ca71e897b42a23ed4ef294fca367c1542a2aa
https://fedorahosted.org/freeipa/changeset/cf25ea7e300cdada57bd964acb4393cc11ad333e
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-281390101
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-21 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

MartinBasti commented:
"""
Needs rebase

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-281361284

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-21 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

stlaz commented:
"""
3 LGTM + tests passing seems like a good enough reason for ACK to me.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-281336192

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-21 Thread HonzaCholasta
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

HonzaCholasta commented:
"""
LGTM.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-281333137

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-08 Thread stlaz
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

stlaz commented:
"""
LGTM
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-278279899

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-07 Thread tomaskrizek
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

tomaskrizek commented:
"""
Thanks for the feedback. Hopefully I addressed all the concerns above in the 
update.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-278035787

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-07 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

MartinBasti commented:
"""
@pvoborni more or less brainstorming, as I'm almost sure that people will want 
to migrate current deployments to FIPS mode
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-277966347

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-07 Thread pvoborni
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

pvoborni commented:
"""
@MartinBasti I'm not sure from your comment if you would like to provide a way 
to change a non-FIPS server into a FIPS server or are just brainstorming ways it 
can be worked around. In any case this path is not a goal and actually should 
be discouraged. http://www.freeipa.org/page/V4/FreeIPA-on-FIPS#Design
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-277950210

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-06 Thread martbab
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

martbab commented:
"""
@tomaskrizek since you added a new key to the Env object, you will have to fix 
`test_ipalib/test_config.py` to account for this change, see 
https://travis-ci.org/freeipa/freeipa/jobs/198916106#L443
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-277924079
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-06 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

MartinBasti commented:
"""
@tomaskrizek on current versions of RHEL and Fedora IPA doesn't start in FIPS, 
but upgrading first and then enabling FIPS might be the way
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-28586

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-06 Thread tomaskrizek
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

tomaskrizek commented:
"""
@MartinBasti Since this check is performed only during installation, the user 
could simply install a non-FIPS replica and then turn FIPS on afterwards. There 
might be issues with this approach and thus it is neither recommended nor 
supported, as stated in the 
[documentation](https://www.freeipa.org/page/V4/FreeIPA-on-FIPS#Multiple_servers_in_topology).
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-277745754

[Freeipa-devel] [freeipa PR#437][comment] FIPS: replica install check

2017-02-06 Thread MartinBasti
  URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check

MartinBasti commented:
"""
I'm still afraid that users may want to create a FIPS replica from the non-FIPS 
master, even if it is not recommended due to security. How can this be achieved?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/437#issuecomment-277743511