Rob Crittenden a43100badc Don't configure disabled krb5 enctypes in FIPS mode ...

The only permitted ciphers are the AES family (called aes, which
is the combination of: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and
aes128-cts-hmac-sha256-128).

DES, RC4, and Camellia are not permitted in FIPS mode.  While 3DES
is permitted, the KDF used for it in krb5 is not, and Microsoft
doesn't implement 3DES anyway.

This is only applied on new installations because we don't
allow converting a non-FIPS install into a FIPS one.

Reviewed-By: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

2019-07-02 10:35:00 +03:00

..

advise

Add install/remove package helpers to advise

2018-12-11 13:46:52 +01:00

dnssec

Add ODS manager abstraction to ipaplatform

2019-04-24 14:08:20 +02:00

install

Don't configure disabled krb5 enctypes in FIPS mode

2019-07-02 10:35:00 +03:00

plugins

Make use of single configuration point for SELinux

2019-07-01 14:44:57 +03:00

secrets

Fix CustodiaClient ccache handling

2019-06-18 10:36:24 +10:00

__init__.py

Change FreeIPA license to GPLv3+

2010-12-20 17:19:53 -05:00

dcerpc_common.py

Py3: Replace six.text_type with str

2018-09-27 16:11:18 +02:00

dcerpc.py

Use new LDAPClient constructors

2019-02-05 08:39:13 -05:00

dns_data_management.py

Py3: Remove subclassing from object

2018-09-27 11:49:04 +02:00

Makefile.am

Build: Makefiles for Python packages

2016-11-09 13:08:32 +01:00

masters.py

Add hidden replica feature

2019-03-28 17:57:58 +01:00

p11helper.py

pylint 2.2: Fix unnecessary pass statement

2018-11-26 16:54:43 +01:00

rpcserver.py

Py3: Replace six.moves imports

2018-10-05 12:06:19 +02:00

servroles.py

Consider configured servers as valid

2019-04-29 16:51:40 +02:00

setup.cfg

Port all setup.py to setuptools

2016-10-20 18:43:37 +02:00

setup.py

Move Custodia secrets handler to scripts

2019-04-26 12:09:22 +02:00

topology.py

Py3: Remove subclassing from object

2018-09-27 11:49:04 +02:00