URL: https://github.com/freeipa/freeipa/pull/482 Title: #482: Don't count service/host/user cert md5 fprints in FIPS
MartinBasti commented: """ I don't think that this is a good way how to handle backward compatibility. With FIPS mode enabled there is no md5 backward compatibility and users should adapt their automation. In case that IPA API is used directly it will contain a garbage and it may not be catched faster enough by any automation on user side. We should not provide anything related to md5 under FIPS mode and let any possible automation using IPA API to fail early on missing values. """ See the full comment at https://github.com/freeipa/freeipa/pull/482#issuecomment-281089720
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code