I was only able to read the Subject line and nothing further so take with
grain of salt
Here is the procedure I made a while ago for differ finding but the only
change in it would be the ciphers I imagine.
The following files control the ciphers in use
DirSrv /etc/dirsrv/slapd-REALM-LOCAL/dse.ldif
PKISrv /etc/dirsrv/slapd-PKI-IPA/dse.ldif
42873 SSL Medium Strength Cipher Suites Supported Port 389/636
Mitigation:
1. Log onto IPA server. Using nmap command below to see the list of
ciphers being used. Bold print shows the medium ciphers that need to be
removed.
2. [bobsyouruncle@IPASERVER ~]# nmap --script ssl-enum-ciphers -p 636
`hostname`
Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-30 16:08 EST
Nmap scan report for (10.x.x.x
Host is up (0.00014s latency).
PORT STATE SERVICE
636/tcp open ldapssl
| ssl-enum-ciphers:
| TLSv1.2
| Ciphers (17)
| SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| TLS_DHE_RSA_WITH_DES_CBC_SHA
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
| TLS_RSA_WITH_3DES_EDE_CBC_SHA
| TLS_RSA_WITH_AES_128_CBC_SHA
| TLS_RSA_WITH_AES_128_CBC_SHA256
| TLS_RSA_WITH_AES_128_GCM_SHA256
| TLS_RSA_WITH_AES_256_CBC_SHA
| TLS_RSA_WITH_AES_256_CBC_SHA256
| Compressors (1)
|_ uncompressed
3. Stop the ipa server with Ipactl stop
4. The following files control the ciphers in use
DirSrv /etc/dirsrv/slapd-REALM-LOCAL/dse.ldif
PKISrv /etc/dirsrv/slapd-PKI-IPA/dse.ldif
Make copies of the files before modifying with
cp /etc/dirsrv/slapd-PKI-IPA/dse.ldif /etc/dirsrv/slapd-PKI-IPA/dse.ldif.$
(date '+%F')
cp /etc/dirsrv/slapd-WATSON-LOCAL/dse.ldif
/etc/dirsrv/slapd-REALM-LOCAL/dse.ldif
$(date '+%F')
5. vim /etc/dirsrv/slapd-REALM-LOCAL/dse.ldif
and ensure it reads the below where you change a few + to – and add ,
-dhe_rsa_3des_sha. The listings required to be modified are in bold. The
correct config is shown below:
nsSSL3Ciphers:
-rsa_null_md5,-rsa_rc4_128_md5,-rsa_rc4_40_md5,-rsa_rc2_40_md5,
-rsa_des_sha,-rsa_fips_des_sha,-rsa_3des_sha,-rsa_fips_3des_sha
,-fortezza,-fo
rtezza_rc4_128_sha,-fortezza_null,-tls_rsa_export1024_with_rc4_56_sha,-tls_rs
a_export1024_with_des_cbc_sha,-rsa_rc4_128_sha,
-dhe_rsa_3des_sha.-dhe_rsa_des_sha
6. vim /etc/dirsrv/slapd-PKI-IPA/dse.ldif
and ensure it reads the below where you change a few + to -. The
listings required to change are modified in bold. The correct config is
shown.
nsSSL3Ciphers: -rsa_3des_sha,-rsa_fips_3des_sha,-rsa_rc4_128_sha
7. Restart IPA ipactl start and play close attention to the start-up
ensuring no errors.
8. Run Nmap again and ensure listing is no longer showing triple des
ciphers. nmap --script ssl-enum-ciphers -p 636 `hostname`
Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-30 16:40 EST
Nmap scan report for(10.x.x.x.
Host is up (0.000030s latency).
PORT STATE SERVICE
636/tcp open ldapssl
| ssl-enum-ciphers:
| TLSv1.2
| Ciphers (14)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| TLS_DHE_RSA_WITH_DES_CBC_SHA
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
| TLS_RSA_WITH_AES_128_CBC_SHA
| TLS_RSA_WITH_AES_128_CBC_SHA256
| TLS_RSA_WITH_AES_128_GCM_SHA256
| TLS_RSA_WITH_AES_256_CBC_SHA
| TLS_RSA_WITH_AES_256_CBC_SHA256
| Compressors (1)
|_ uncompressed
9. You now have 13 of the original 17 ciphers being used and no more
triple DES
10. 389 Dirsrv cipher listings can be found here:
http://www.port389.org/docs/389ds/design/nss-cipher-design.html
Sean Hogan
From: Florence Blanc-Renaud via FreeIPA-users
<freeipa-users@lists.fedorahosted.org>
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: Terry Soucy <tso...@salesforce.com>, Mauricio Tavares
<raubvo...@gmail.com>, Florence Blanc-Renaud <f...@redhat.com>
Date: 01/14/2020 09:13 AM
Subject: [EXTERNAL] [Freeipa-users] Re: Disable SSLv3 and RC4 ciphers on
ipa-server 3.0.0
On 1/14/20 12:54 PM, Terry Soucy via FreeIPA-users wrote:
> I've tried both parameters
>
> .. sslProtocols = "TLSv1.2,TLSv1.1,TLSv1"
> .. sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
>
> and I receive the same results. I'm able to connect with openssl
> s_client connect ipa001.local:9443 -ssl3. I've even specifically
> disabled the cipher that is negotiated in the connection, but it doesn't
> appear that what I'm trying works.
>
In my conf I also have strictCiphers="true" and it seems to make a
difference. See
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.dogtagpki.org_wiki_Tomcat-5FJSS-5F7.3-5FConfiguration&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=SaAQxjW3qx50yuDKWTjrIAjjf5n1OKbeWOnMFCYcJAw&e=
which says:
-----8<-----
strictCiphers:
This parameter determines whether to disable the NSS default
ciphers. If it's set to true, the NSS default ciphers will be disabled,
and only the ciphers specified in sslRangeCiphers will be enabled. If
it's set to false, the NSS default ciphers will remain enabled in
addition to the ciphers specified in sslRangeCiphers. By default it's
false.
----->8-----
Don't forget to restart pki after you edit server.xml
flo
> ssl3Ciphers="-DHE-RSA-AES256-SHA"
>
> # openssl s_client -connect en3021s.dev.ca1.sfmc.co:9443
> <
https://urldefense.proofpoint.com/v2/url?u=http-3A__en3021s.dev.ca1.sfmc.co-3A9443&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=UsFmfu84deUf78WSSjohqe_2bgbosJY1W94sPP5_5Lg&e=
> -ssl3
> ...
> Server Temp Key: DH, 2048 bits
> ---
> SSL handshake has read 2763 bytes and written 349 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> Protocol : SSLv3
> Cipher : DHE-RSA-AES256-SHA
> ...
>
> I've even tried setting JAVA_HOME in /etc/pki-cad/tomcat6.conf to my
> openjdk7 install, thinking that maybe it was a java thing, but the same
> issue arises. I'm out of ideas, other than to try to upgrade to a newer
> version of freeipa server, and subsequently tomcat, which is a task I'm
> not looking forward to.
>
> Terry
>
>
>
>
> On Tue, Jan 14, 2020 at 7:20 AM Florence Blanc-Renaud via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>
> On 1/14/20 11:58 AM, Mauricio Tavares via FreeIPA-users wrote:
> > On Tue, Jan 14, 2020 at 4:16 AM Florence Blanc-Renaud via
> > FreeIPA-users <freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
> >>
> >> On 1/13/20 8:38 PM, Terry Soucy via FreeIPA-users wrote:
> >>> We are running FreeIPA 3.0.0 on CentOS 6 (directly from the OS
> >>> repository). I am having trouble disabling SSL3 and RC4 ciphers
> on port
> >>> 9443 (pki-cad)
> >>>
> >>> ipa-server-3.0.0
> >>> tomcat6-6.0.24
> >>>
> >>> I've been modifying /etc/pki-ca/server.xml with little success.
> What am
> >>> I missing? I've been banging my head on this for the past week.
> >>>
> >>> <Connector name="Agent" port="9443" protocol="HTTP/1.1"
> >>> SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
> >>
> >> I believe the correct parameter name is sslProtocols="...", not
> >> sslEnabledProtocols, in this version of tomcat.
> >> flo
> >>
> >
> > If we take a look at the latest
> > (
https://urldefense.proofpoint.com/v2/url?u=https-3A__tomcat.apache.org_tomcat-2D9.0-2Ddoc_config_http.html&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=iBLDd3MdR7f6UOK-t5ahu_XASjI1dxiqd6xcros92JM&e=
) docs, it
> > says sslEnabledProtocols is an alias to the protocols entry in
> > SSLHostConfig
> (
https://urldefense.proofpoint.com/v2/url?u=https-3A__tomcat.apache.org_tomcat-2D9.0-2Ddoc_config_http.html-23SSL-5FSupport-5F-2D-5FSSLHostConfig&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=5KGVLn3t-mS2NgnoX3tSoYoRNzmK0N43DLHlVxsJX9k&e=
),
> Hi,
> Terry stated that he is using ipa-server-3.0.0 with tomcat6-6.0.24.
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_solutions_1232233&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=PBER-hfQUAFbLMAJ0bj8KWKiige7BtTJLC59S1O21qM&e=
mentions that for this
> version the value sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" should be
> used. For Tomcat 6 (6.0.38 and later) and 7,
> sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" can be used.
>
> flo
> > which specifically lists
> >
> > SSLv2Hello
> > SSLv3
> > TLSv1
> > TLSv1.1
> > TLSv1.2
> > TLSv1.3
> > all
> >
> > as valid entries. I will agree that the explanation of sslProtocol
is
> > kinda confusing because it kinda implies it is "the protocol(s) to
> > use," with TLS as the default. Maybe the subtle difference is that
> > sslEnabledProtocols is the list of "protocols to support when
> > *communicating with clients*" the latter part is what
differentiates
> > it. In any case, in my ancient notes I seem to explicitly define
both
> > (was the order in sslEnabledProtocols important?):
> >
> > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> > maxThreads="150" scheme="https" secure="true"
> > keystoreFile="/usr/share/tomcat/keystore"
> > keystorePass="password1" keyAlias="tomcat"
> > clientAuth="false"
> > sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
> > />
> >
> >
> >>> scheme="https" secure="true"
> >>> maxHttpHeaderSize="8192"
> >>> acceptCount="100" maxThreads="150"
> minSpareThreads="25"
> >>> maxSpareThreads="75"
> >>> enableLookups="false"
disableUploadTimeout="true"
> >>>
> >>>
> SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
> >>> enableOCSP="false"
> >>>
> ocspResponderURL="
https://urldefense.proofpoint.com/v2/url?u=http-3A__ipa001.local-3A9080_ca_ocsp&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=o-Nw0vVYcjpXdVbE4GIzB0lofSfPIoNUC1WBrY3z6n8&e=
"
> >>> ocspResponderCertNickname="ocspSigningCert
> cert-pki-ca"
> >>> ocspCacheSize="1000"
> >>> ocspMinCacheEntryDuration="60"
> >>> ocspMaxCacheEntryDuration="120"
> >>> ocspTimeout="10"
> >>> clientAuth="true"
> >>> sslOptions="ssl2=false,ssl3=false,tls=true"
> >>>
> >>>
>
tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,-SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,-SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,-SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-EDH-RSA-DES-CBC3-SHA,-DES-CBC3-SHA"
> >>> sslVersionRangeStream="tls1_1:tls1_2"
> >>> sslVersionRangeDatagram="tls1_1:tls1_2"
> >>>
> >>>
>
sslRangeCiphers="-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_CBC_SHA256,+TLS_RSA_WITH_AES_256_CBC_SHA256,+TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
> >>>
> >>>
> >>> serverCertNickFile="/var/lib/pki-ca/conf/serverCertNick.conf"
> >>>
passwordFile="/var/lib/pki-ca/conf/password.conf"
> >>>
> >>>
passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
> >>> certdbDir="/var/lib/pki-ca/alias"
> >>> />
> >>>
> >>> --
> >>> Terry Soucy
> >>> Systems Engineering Lead | Salesforce
> >>> Mobile: +1.506.609.3247
> >>>
> >>>
> >>> <http://smart.salesforce.com/sig/tsoucy//ca_mb/default/link.html
>
> >>>
> >>> _______________________________________________
> >>> FreeIPA-users mailing list --
> freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> >>> To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
> >>> Fedora Code of Conduct:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=13Z4XmUp0YKRtcFfAe7JFsd5BEt-NcvFpxp3weLO-Kg&e=
> >>> List Guidelines:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=MuSpMY52Rk_2YkJ6LoelS4jyLr28R4uG4v9Ps5WbHrY&e=
> >>> List Archives:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_freeipa-2Dusers-40lists.fedorahosted.org&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=OvkC8UpE1G13vNUusL-IdAVCxBHTdR3ea28eqCQWROo&e=
> >>>
> >>
> >> _______________________________________________
> >> FreeIPA-users mailing list --
> freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> >> To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
> >> Fedora Code of Conduct:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=13Z4XmUp0YKRtcFfAe7JFsd5BEt-NcvFpxp3weLO-Kg&e=
> >> List Guidelines:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=MuSpMY52Rk_2YkJ6LoelS4jyLr28R4uG4v9Ps5WbHrY&e=
> >> List Archives:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_freeipa-2Dusers-40lists.fedorahosted.org&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=OvkC8UpE1G13vNUusL-IdAVCxBHTdR3ea28eqCQWROo&e=
> > _______________________________________________
> > FreeIPA-users mailing list --
> freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> > To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
> > Fedora Code of Conduct:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=13Z4XmUp0YKRtcFfAe7JFsd5BEt-NcvFpxp3weLO-Kg&e=
> > List Guidelines:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=MuSpMY52Rk_2YkJ6LoelS4jyLr28R4uG4v9Ps5WbHrY&e=
> > List Archives:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_freeipa-2Dusers-40lists.fedorahosted.org&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=OvkC8UpE1G13vNUusL-IdAVCxBHTdR3ea28eqCQWROo&e=
> >
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
> Fedora Code of Conduct:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=13Z4XmUp0YKRtcFfAe7JFsd5BEt-NcvFpxp3weLO-Kg&e=
> List Guidelines:
https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=MuSpMY52Rk_2YkJ6LoelS4jyLr28R4uG4v9Ps5WbHrY&e=
> List Archives:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_freeipa-2Dusers-40lists.fedorahosted.org&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=OvkC8UpE1G13vNUusL-IdAVCxBHTdR3ea28eqCQWROo&e=
>
>
>
> --
> Terry Soucy
> Systems Engineering Lead | Salesforce
> Mobile: +1.506.609.3247
>
>
> <http://smart.salesforce.com/sig/tsoucy//ca_mb/default/link.html>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=13Z4XmUp0YKRtcFfAe7JFsd5BEt-NcvFpxp3weLO-Kg&e=
> List Guidelines:
https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=MuSpMY52Rk_2YkJ6LoelS4jyLr28R4uG4v9Ps5WbHrY&e=
> List Archives:
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_freeipa-2Dusers-40lists.fedorahosted.org&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=OvkC8UpE1G13vNUusL-IdAVCxBHTdR3ea28eqCQWROo&e=
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=13Z4XmUp0YKRtcFfAe7JFsd5BEt-NcvFpxp3weLO-Kg&e=
List Guidelines:
https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=MuSpMY52Rk_2YkJ6LoelS4jyLr28R4uG4v9Ps5WbHrY&e=
List Archives:
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_freeipa-2Dusers-40lists.fedorahosted.org&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=pAvZgCz4zBPNXNWPu8dLOYdmUIAP7pySuYQoq4H7yUs&m=ik3ORtfD7bR3ZrL2Z2vZW05b_Ixl2rMhd3jnqt4cwX4&s=OvkC8UpE1G13vNUusL-IdAVCxBHTdR3ea28eqCQWROo&e=
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
