Steve Reed via FreeIPA-users wrote:
If I successfully install FreeIPA in FIPS mode, does that mean that
all my clients that call on the server need to be in FIPS mode as well? Or can I just
have the server in FIPS mode and the clients in whatever mode I want?
We don't, and currently have no way, to enforce that FIPS is enabled in
clients if the server is, but I doubt an auditor would certify a mixed
environment. So if you want FIPS to be sure you are following good
crypto policies on the server then great, mixed should work fine. If you
need FIPS for some compliance reason then I guess it depends on your
auditor.
As with most things, the devil is in the details.
rob