Ok, is there an action required from me?
Paul
On 8/29/19, 5:34 PM, "William Brown" <wbr...@suse.de> wrote:
This could be in "report an issue" territory I think in that case. Seems
easy to reproduce.
> On 30 Aug 2019, at 02:15, Paul Whitney <paul.whit...@mac.com> wrote:
>
> Hi William,
>
> It is an issue with FIPS. You are correct there are differences between
the pin.txt file used in admin-serv and the slap instances. However, I went
into grub.conf and changed fips=1 to fips=0. Rebooted the system and the
dirsrv-admin process started right up. DISA hardening requires FIPS enabled
OS. So this may be one of those issues that will come back again. In the
meantime, we will look at finding a waiver.
>
>
> Thanks,
> Paul
>
>> On Aug 28, 2019, at 7:10 PM, William Brown <wbr...@suse.de> wrote:
>>
>> If memory serves correctly ... there are some un-resolved issues between
dirsrv-admin + fips. I remember discussing this with Mark as something that may
fall into the "fix when someone runs into it" because that combination we
thought would be rare.
>>
>> But I'm not sure that this issue here is a fips one? I've seen another
issue lately where the dirsrv-admin used a different pin.txt to the
dirsrvinstances, but I'm not sure of the details.
>>
>> Are there fresh installs of ds? Or upgrades?
>>
>>> On 28 Aug 2019, at 05:51, Paul Whitney <paul.whit...@chesapeake-it.com>
wrote:
>>>
>>> Hi guys,
>>>
>>> I have SSL enabled both slapd instances and dirsrv-admin on FIPS
enabled CentOS 7. The instances seem to start up no problem. However, the
admin console (dirsrv-admin) is complaining the password credentials are not
valid for the NSS FIPS 140-2 DB even through the exact same credentials are
presented to the SLAPD instances. I am using a pin.txt file in the correct
format for both SLAPD and DIRSRV-ADMIN.
>>>
>>> Are there compatibility issues with FIPS and 389-DS admin-serv?
>>>
>>> Paul M. Whitney
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>
>> —
>> Sincerely,
>>
>> William Brown
>>
>> Senior Software Engineer, 389 Directory Server
>> SUSE Labs
>> _______________________________________________
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
