Revert "Don't allow OTP or RADIUS in FIPS mode"

This reverts commit 16a952a0a4. OTP now works in FIPS mode. RADIUS can be made to be compliant by wrapping traffic in a VPN. https://pagure.io/freeipa/issue/7168 https://pagure.io/freeipa/issue/7243 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-02-26 09:48:22 -05:00
parent a01a24ce5a
commit d498d7272d
2 changed files with 0 additions and 19 deletions
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -85,20 +85,6 @@ EXAMPLES:

 register = Registry()

-
-def check_fips_auth_opts(fips_mode, **options):
-    """
-    OTP and RADIUS are not allowed in FIPS mode since they use MD5
-    checksums (OTP uses our RADIUS responder daemon ipa-otpd).
-    """
-    if 'ipauserauthtype' in options and fips_mode:
-        if ('otp' in options['ipauserauthtype'] or
-                'radius' in options['ipauserauthtype']):
-            raise errors.InvocationError(
-                'OTP and RADIUS authentication in FIPS is '
-                'not yet supported')
-
-
@register()
 class config(LDAPObject):
    """
@@ -412,8 +398,6 @@ class config_mod(LDAPUpdate):

    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
        assert isinstance(dn, DN)
-        check_fips_auth_opts(fips_mode=self.api.env.fips_mode, **options)
-
        if 'ipadefaultprimarygroup' in entry_attrs:
            group=entry_attrs['ipadefaultprimarygroup']
            try: