[Freeipa-devel] [freeipa PR#450][comment] Add FIPS-token password of HTTPD NSS database
URL: https://github.com/freeipa/freeipa/pull/450 Title: #450: Add FIPS-token password of HTTPD NSS database MartinBasti commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/0b9b6b52d7f2e64a52ef8fd570839711311fa254 """ See the full comment at https://github.com/freeipa/freeipa/pull/450#issuecomment-280068549 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#450][comment] Add FIPS-token password of HTTPD NSS database
URL: https://github.com/freeipa/freeipa/pull/450 Title: #450: Add FIPS-token password of HTTPD NSS database stlaz commented: """ You shouldn't turn FIPS on post-install (is what I think you mean), correct. """ See the full comment at https://github.com/freeipa/freeipa/pull/450#issuecomment-279958668 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#450][comment] Add FIPS-token password of HTTPD NSS database
URL: https://github.com/freeipa/freeipa/pull/450 Title: #450: Add FIPS-token password of HTTPD NSS database HonzaCholasta commented: """ LGTM. I guess we don't have to bother with upgrade, given that you can turn on FIPS post-install, right? """ See the full comment at https://github.com/freeipa/freeipa/pull/450#issuecomment-279933986 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#450][comment] Add FIPS-token password of HTTPD NSS database
URL: https://github.com/freeipa/freeipa/pull/450 Title: #450: Add FIPS-token password of HTTPD NSS database stlaz commented: """ That was my original approach to it but we had offline talk with @HonzaCholasta and got to the point that it might be better to do it this way. From my point of view it's more fool-proof for the people who would install FreeIPA in non-FIPS mode but then thought it'd be cool to turn FIPS on. Anyone reading this in the future - that is **NOT SUPPORTED**. There would probably be more different issues, let this not be one. """ See the full comment at https://github.com/freeipa/freeipa/pull/450#issuecomment-278958767 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#450][comment] Add FIPS-token password of HTTPD NSS database
URL: https://github.com/freeipa/freeipa/pull/450 Title: #450: Add FIPS-token password of HTTPD NSS database rcritten commented: """ I guess this is one approach to fix the problem. Would it be cleaner to pass in, or detect, FIPS mode, and only write out the token that will actually be used? """ See the full comment at https://github.com/freeipa/freeipa/pull/450#issuecomment-278951822 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code