On Tue, 20 Apr 2021, Ian Willis via FreeIPA-users wrote:
Hi Simo,
Thanks for the clear response.
This is more in keeping with my understanding of the assurance
process.
In short
* FIPS evaluation only applies to the algorithms in scope. Generally
something like Suite B
* FIPS is only applicabl
Hi Simo,
Thanks for the clear response.
This is more in keeping with my understanding of the assurance
process.
In short
* FIPS evaluation only applies to the algorithms in scope. Generally
something like Suite B
* FIPS is only applicable to a particular instance, i.e. binary or set of
binaries
Hi Steve,
On Mon, 2021-04-19 at 19:08 +, Steve Reed via FreeIPA-users wrote:
> Hi Stephen,
>
> True. I understand that, but I think we are getting off track to my
> original question. Can you run a FIPS FreeIPA server and still have
> the clients work with it? It's not necessarily required
On Mon, 19 Apr 2021 at 15:09, Steve Reed via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi Stephen,
>
> True. I understand that, but I think we are getting off track to my
> original question. Can you run a FIPS FreeIPA server and still have the
> clients work with it? It's
In that case, let's save you some additional time: FIPS mode is not beneficial,
unless you are contractually required to shoot yourself in the foot and get a
FIPS audit done.
Aside from that (somewhat obvious) fact, it would be useful for the list if you
stated why you want this, and if you kno
Hi Stephen,
True. I understand that, but I think we are getting off track to my original
question. Can you run a FIPS FreeIPA server and still have the clients work
with it? It's not necessarily required to have the clients FIPS compliant, but
the server must since it has to do the encryptio
Hi rob,
I found out that they blew this machine away today. I appreciate the ideas so
far.
The error log just stated that it could not start the directory service and
gave a script error and a line number.
When I removed the slapd service, I deleted the service file (I think it was a
.lnk f
Steve Reed via FreeIPA-users wrote:
> Does anyone else have an idea? I could use some help tracking this down.
> I'm not sure where to start other than what I have been doing.
Flo suggested you check the error log but you didn't report back what
you found, just that the logs stop after the inst
Unless you want to commit resources to attain 'dev level' on over a
dozen packages, you have to think of Freeipa as having an 'everything
depends on everything' component config file inter-relationship (one
that can change without a lot of warning between upgrades). Before
taking on the burden of
Hi,
I'm running ipa-server 4.8.7-13 on Centos 8.3.
My security scanning software is lighting up with a lot of warnings about my
FreeIPA servers - specifically Apache Tomcat vulnerabilities exposed on the
PKI-Tomcat ports - 8080/8443. It is detecting v9.0.30, and seemingly has a
different list
On Mon, 19 Apr 2021 at 11:33, Steve Reed via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hi Rob,
>
> So, are you saying that CENTOS is not FIPS compliant? Because there is a
> long list of web sites that state that CENTOS and RHEL are FIPS 140-2
> compliant.
>
>
He is talking a
iulian roman via FreeIPA-users wrote:
> Hello,
>
> I would like to extend the ldap schema in order to get rid of tnsnames.ora
> and use ldap for that. I try to update the schema using ipa-ldap-updater, but
> so far no success. Can anybody point what would be the correct update file
> I sho
What Rob (and Alexander) are saying is: your auditor will do an audit and tell
you if you are FIPS compliant. While using software in FIPS-compliant mode
might reduce the amount of work you'll need to do to be compliant, it's not
some sort of labeling procedure where you need to show some specs tha
Hi Rob,
So, are you saying that CENTOS is not FIPS compliant? Because there is a long
list of web sites that state that CENTOS and RHEL are FIPS 140-2 compliant.
https://www.google.com/search?q=is+centos+7+fips+compliant&rlz=1C1DKCZ_enUS768US768&oq=Is+Centos+7+FIPS+com&aqs=chrome.0.0j69i57j0i39
Hello,
I would like to extend the ldap schema in order to get rid of tnsnames.ora and
use ldap for that. I try to update the schema using ipa-ldap-updater, but so
far no success. Can anybody point what would be the correct update file I
should create for the schema file below (this is onl
Thank you Alexander. I'll probably not use containers for now, and migrate it
later, when it is supported/tested.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahos
On Mon, 19 Apr 2021, Steve Reed via FreeIPA-users wrote:
I'm just concerned that if FIPS is set on the server, that it will
force all clients to use FIPS as well and reject them if they are not
FIPS enabled.
As Rob pointed out in his response, it is not an easy yes/no answer.
FIPS mode is typ
Steve Reed via FreeIPA-users wrote:
> I'm using CENTOS 7. I post to this Fedora site for FreeIPA because I was
> told this is the place for these types of questions. I apologize if this is
> the wrong place.
What he was saying is that FIPS certifications are not transitive, they
are for a part
Does anyone else have an idea? I could use some help tracking this down. I'm
not sure where to start other than what I have been doing.
Thanks,
Steve
I'm just concerned that if FIPS is set on the server, that it will force all
clients to use FIPS as well and reject them if they are not FIPS enabled.
Thanks,
Steve
I'm using CENTOS 7. I post to this Fedora site for FreeIPA because I was told
this is the place for these types of questions. I apologize if this is the
wrong place.
I successfully added ISRG Root X1 using ipa-cacert-manage install to my main
ipa server.
I then tried
ipa-certupdate which failed on both the main ipa server and my replica.
trying https://ipa.example.net/ipa/json
Connection to https://ipa.example.net/ipa/json failed with [SSL:
CERTIFICATE_VE
On 4/19/21 10:14 AM, Reino Wallin via FreeIPA-users wrote:
When the letsencrypt certificate was renewed a couple of months ago, a problem
occurred.
I found this guide and tried to follow it:
https://yyhh.org/blog/2021/01/fix-freeipa-httpd-lets-encrypt-certificate-update/
But it seems I have m
When the letsencrypt certificate was renewed a couple of months ago, a problem
occurred.
I found this guide and tried to follow it:
https://yyhh.org/blog/2021/01/fix-freeipa-httpd-lets-encrypt-certificate-update/
But it seems I have messed up something, and I would like some hints how to
solve
24 matches