If memory serves correctly ... there are some un-resolved issues between dirsrv-admin + fips. I remember discussing this with Mark as something that may fall into the "fix when someone runs into it" because that combination we thought would be rare.
But I'm not sure that this issue here is a fips one? I've seen another issue lately where the dirsrv-admin used a different pin.txt to the dirsrv instances, but I'm not sure of the details.
Are there fresh installs of ds? Or upgrades?
On 28 Aug 2019, at 05:51, Paul Whitney paul.whitney@chesapeake-it.com wrote:
> Hi guys,
> I have SSL enabled both slapd instances and dirsrv-admin on FIPS enabled CentOS 7. The instances seem to start up no problem. However, the admin console (dirsrv-admin) is complaining the password credentials are not valid for the NSS FIPS 140-2 DB even though the exact same credentials are presented to the SLAPD instances. I am using a pin.txt file in the correct format for both SLAPD and DIRSRV-ADMIN.
> Are there compatibility issues with FIPS and 389-DS admin-serv?
> Paul M. Whitney
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
Hi William,
It is an issue with FIPS. You are correct there are differences between the pin.txt file used in admin-serv and the slap instances. However, I went into grub.conf and changed fips=1 to fips=0. Rebooted the system and the dirsrv-admin process started right up. DISA hardening requires FIPS enabled OS. So this may be one of those issues that will come back again. In the meantime, we will look at finding a waiver.
Thanks, Paul
On Aug 28, 2019, at 7:10 PM, William Brown wbrown@suse.de wrote:
> If memory serves correctly ... there are some un-resolved issues between dirsrv-admin + fips. I remember discussing this with Mark as something that may fall into the "fix when someone runs into it" because that combination we thought would be rare.
> But I'm not sure that this issue here is a fips one? I've seen another issue lately where the dirsrv-admin used a different pin.txt to the dirsrv instances, but I'm not sure of the details.
> Are there fresh installs of ds? Or upgrades?
This could be in "report an issue" territory I think in that case. Seems easy to reproduce.
On 30 Aug 2019, at 02:15, Paul Whitney paul.whitney@mac.com wrote:
> Hi William,
> It is an issue with FIPS. You are correct there are differences between the pin.txt file used in admin-serv and the slap instances. However, I went into grub.conf and changed fips=1 to fips=0. Rebooted the system and the dirsrv-admin process started right up. DISA hardening requires FIPS enabled OS. So this may be one of those issues that will come back again. In the meantime, we will look at finding a waiver.
> Thanks, Paul
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
Ok, is there an action required from me?
Paul
On 8/29/19, 5:34 PM, "William Brown" wbrown@suse.de wrote:
> This could be in "report an issue" territory I think in that case. Seems easy to reproduce.
I can open the issue on your behalf, or if it's serious and you want it looked at as a priority, you may want to consider raising a case with RH/SUSE direct.
On 30 Aug 2019, at 09:32, Paul Whitney paul.whitney@chesapeake-it.com wrote:
> Ok, is there an action required from me?
> Paul
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
Please do. It is not “critical” yet, but the writing is on the wall and will become an issue without some waiver. Worst case I enable it and disable as needed.
Thank you,
Paul M. Whitney Sent from my Mac Book Pro
On Aug 29, 2019, at 8:14 PM, William Brown wbrown@suse.de wrote:
> I can open the issue on your behalf, or if it's serious and you want it looked at as a priority, you may want to consider raising a case with RH/SUSE direct.
Well... not to be a messenger of bad news, but 389-admin/389-console & friends are deprecated. We are not doing any more bug fixes around these packages. The old java console has been replaced by a Cockpit plugin in Fedora31/RHEL8/CentOS8.
Sorry,
Mark
On 8/30/19 11:37 AM, Paul Whitney wrote:
> Please do. It is not “critical” yet, but the writing is on the wall and will become an issue without some waiver. Worst case I enable it and disable as needed.
> Thank you,
> Paul M. Whitney Sent from my Mac Book Pro
On 31 Aug 2019, at 03:07, Mark Reynolds mreynolds@redhat.com wrote:
> Well... not to be a messenger of bad news, but 389-admin/389-console & friends are deprecated. We are not doing any more bug fixes around these packages. The old java console has been replaced by a Cockpit plugin in Fedora31/RHEL8/CentOS8.
What if they are on RHEL7? :(
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs
On 8/30/19 9:12 PM, William Brown wrote:
>> On 31 Aug 2019, at 03:07, Mark Reynolds mreynolds@redhat.com wrote:
>>
>> Well... not to be a messenger of bad news, but 389-admin/389-console & friends are deprecated. We are not doing any more bug fixes around these packages. The old java console has been replaced by a Cockpit plugin in Fedora31/RHEL8/CentOS8.
> What if they are on RHEL7? :(

I'm sorry we simply don't have the resources to support deprecated products. In RHEL we stopped accepting bugs well over a year ago. We would accept contributions upstream, but that would be the extent of it.

>> Sorry,
>> Mark
>>
>> On 8/30/19 11:37 AM, Paul Whitney wrote:
>>> Please do. It is not “critical” yet, but I the writing is on the wall and will become an issue without some waiver. Worst case I enable it and disable as needed.
>>> Thank you,
>>> Paul M. Whitney
>>> Sent from my Mac Book Pro
>>>> On Aug 29, 2019, at 8:14 PM, William Brown wbrown@suse.de wrote:
>>>> I can open the issue on your behalf, or if it's serious and you want it looked at as a priority, you may want to consider raising a case with RH/SUSE direct.
>>>>> On 30 Aug 2019, at 09:32, Paul Whitney paul.whitney@chesapeake-it.com wrote:
>>>>> Ok, is there an action required from me?
>>>>> Paul
>>>>> On 8/29/19, 5:34 PM, "William Brown" wbrown@suse.de wrote:
>>>>> This could be in "report an issue" territory I think in that case. Seems easy to reproduce.
>>>>>> On 30 Aug 2019, at 02:15, Paul Whitney paul.whitney@mac.com wrote:
>>>>>> Hi William,
>>>>>> It is an issue with FIPS. You are correct there are differences between the pin.txt file used in admin-serv and the slap instances. However, I went into grub.conf and changed fips=1 to fips=0. Rebooted the system and the dirsrv-admin process started right up. DISA hardening requires FIPS enabled OS. So this may be one of those issues that will come back again. In the meantime, we will look at finding a waiver.
>>>>>> Thanks,
>>>>>> Paul
Hi Mark,
Does that mean there will no longer be a dirsrv-admin process running?
Paul M. Whitney
On 9/5/19, 9:17 AM, "Mark Reynolds" mreynolds@redhat.com wrote:
On 8/30/19 9:12 PM, William Brown wrote:
>> On 31 Aug 2019, at 03:07, Mark Reynolds mreynolds@redhat.com wrote:
>>
>> Well... not to be a messenger of bad news, but 389-admin/389-console & friends are deprecated. We are not doing any more bug fixes around these packages. The old java console has been replaced by a Cockpit plugin in Fedora31/RHEL8/CentOS8.
> What if they are on RHEL7? :(
I'm sorry we simply don't have the resources to support deprecated products. In RHEL we stopped accepting bugs well over a year ago. We would accept contributions upstream, but that would be the extent of it.
On 9/11/19 7:14 PM, Paul Whitney wrote:
> Hi Mark,
> Does that mean there will no longer be a dirsrv-admin process running?
In RHEL 8, CentOS 8, and SUSE 15 there will no longer be the 389-admin/389-console packages.
But... Did you get the emails I've been sending you with the new Admin Server build I made for you that might fix all the FIPS issues?
Mark
I did and would be willing to test.
Paul M. Whitney, RHCSA, CISSP
________________________________
From: Mark Reynolds mreynolds@redhat.com
Sent: Wednesday, September 11, 2019 7:47 PM
To: General discussion list for the 389 Directory server project. 389-users@lists.fedoraproject.org; Paul Whitney paul.whitney@chesapeake-it.com
Subject: Re: [389-users] Re: FIPS 140-2 and dirsrv-admin
On 9/11/19 7:14 PM, Paul Whitney wrote:
> Hi Mark,
> Does that mean there will no longer be a dirsrv-admin process running?
In RHEL 8, CentOS 8, and SUSE 15 there will no longer be the 389-admin/389-console packages.
But... Did you get the emails I've been sending you with the new Admin Server build I made for you that might fix all the FIPS issues?
Mark
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
--
389 Directory Server Development Team
Paul,
Turns out I had to do some work around this area anyway, so I will respin the admin server with a potential fix. I would like you to test it for me. What is the exact version of 389-admin you are using? rpm -qa | grep 389-admin
Thanks, Mark
On 8/30/19 9:12 PM, William Brown wrote:
On 31 Aug 2019, at 03:07, Mark Reynolds mreynolds@redhat.com wrote:
Well... not to be a messenger of bad news, but 389-admin/389-console & friends are deprecated. We are not doing any more bug fixes around these packages. The old java console has been replaced by a Cockpit plugin in Fedora31/RHEL8/CentOS8.
What if they are on RHEL7? :(
Sorry,
Mark
On 8/30/19 11:37 AM, Paul Whitney wrote:
Please do. It is not “critical” yet, but the writing is on the wall and will become an issue without some waiver. Worst case I enable it and disable as needed.
Thank you,
Paul M. Whitney Sent from my Mac Book Pro
On Aug 29, 2019, at 8:14 PM, William Brown wbrown@suse.de wrote:
I can open the issue on your behalf, or if it's serious and you want it looked at as a priority, you may want to consider raising a case with RH/SUSE direct.
On 30 Aug 2019, at 09:32, Paul Whitney paul.whitney@chesapeake-it.com wrote:
Ok, is there an action required from me?
Paul
On 8/29/19, 5:34 PM, "William Brown" wbrown@suse.de wrote:
This could be in "report an issue" territory I think in that case. Seems easy to reproduce.
On 30 Aug 2019, at 02:15, Paul Whitney paul.whitney@mac.com wrote:
Hi William,
It is an issue with FIPS. You are correct there are differences between the pin.txt file used in admin-serv and the slap instances. However, I went into grub.conf and changed fips=1 to fips=0. Rebooted the system and the dirsrv-admin process started right up. DISA hardening requires FIPS enabled OS. So this may be one of those issues that will come back again. In the meantime, we will look at finding a waiver.
Thanks, Paul