Steve Reed via FreeIPA-users wrote: > If I successfully install FreeIPA in FIPS mode, does that mean that all my > clients that call on the server need to be in FIPS mode as well? Or can I > just have the server in FIPS mode and the clients in whatever mode I want?
We don't, and currently have no way, to enforce that FIPS is enabled in clients if the server is, but I doubt an auditor would certify a mixed environment. So if you want FIPS to be sure you are following good crypto policies on the server then great, mixed should work fine. If you need FIPS for some compliance reason then I guess it depends on your auditor. As with most things, the devil is in the details. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
