URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
MartinBasti commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/3372ad2766c0d182fa88c8bc28cf43477dc4cb3b
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
MartinBasti commented:
"""
Needs rebase
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/437#issuecomment-281361284
--
Manage your subscription for the Freeipa-devel mailing list:
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
stlaz commented:
"""
3 LGTM + tests passing seems like a good enough reason for ACK to me.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/437#issuecomment-281336192
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
HonzaCholasta commented:
"""
LGTM.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/437#issuecomment-281333137
--
Manage your subscription for the Freeipa-devel mailing list:
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
stlaz commented:
"""
LGTM
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/437#issuecomment-278279899
--
Manage your subscription for the Freeipa-devel mailing list:
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
tomaskrizek commented:
"""
Thanks for the feedback. Hopefully I addressed all the concerns above in the
update.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
MartinBasti commented:
"""
@pvoborni more or less brainstorming, as I'm almost sure that people will want
to migrate current deployments to FIPS mode
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
pvoborni commented:
"""
@MartinBasti I'm not sure from your comment if you would like to provide a way
to change non-FIPS server into a FIPS server or just brainstorming ways how it
can be worked around.
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
martbab commented:
"""
@tomaskrizek since you added a new key to the Env object, you will have to fix
`test_ipalib/test_config.py` to account for this change, see
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
MartinBasti commented:
"""
@tomaskrizek on current versions of RHEL and fedora IPA doesn't start in FIPS,
but upgrading first and then enabling FIPS might be the way
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
tomaskrizek commented:
"""
@MartinBasti Since this check is performed only during installation, the user
could simply install non-FIPS replica and then turn FIPS on afterwards. There
might be issues with
URL: https://github.com/freeipa/freeipa/pull/437
Title: #437: FIPS: replica install check
MartinBasti commented:
"""
I'm still afraid that users may want to create a FIPS replica from the non-FIPS
master, even if it is not recommended due security. How can be this achieved?
"""
See the full
12 matches
Mail list logo
