On 14/04/2021 22.07, Steve Reed via FreeIPA-users wrote:
> If I successfully install FreeIPA in FIPS mode, does that mean that
> all my clients that call on the server need to be in FIPS mode as well?
> Or can I just have the server in FIPS mode and the clients in whatever
> mode I want?

FreeIPA implies that you are running Fedora, Debian, or Ubuntu. These
distros are not certified for FIPS compliance or don't ship a
FIPS-compliant FreeIPA. Only IdM on RHEL is currently evaluated for FIPS
compliance.

If you require FIPS compliance, then you have to use RHEL. If you don't
need it, then just ignore FIPS. It doesn't give you any benefits and
prevents you from using some modern crypto algorithms.
--
Christian Heimes
Principal Software Engineer, Identity Management and Platform Security
Red Hat GmbH