Pittman: > Hey, thanks for filing away that request. We had previous folks > asking for similar things, but no one indicated that FIPS compliant > OpenSSL would absolutely refuse to work with MD5, full stop. > Am I right in imagining, given your title, that FIPS mode is an > absolute requirement for y'all to use Puppet on your systems?
I believe I understand your question when I say: yes, we have to use FIPS mode on our systems; if Puppet does not work under FIPS mode, we can't use Puppet. At my site, right now, it works ok, because I have locally-made RPM packages of Puppet and Ruby with the rough patches that I've indicated in the issue reports I've filed. For J. Random Federalgovernment Admin, it probably needs to work more smoothly. (What were her parents thinking, giving her two middle names...) Further reading: <http://iase.disa.mil/stigs/os/unix/unix.html> <http://www.dtic.mil/whs/directives/corres/pdf/850002p.pdf> (look for DCAS-1 and DCCS-2) <http://www.niap-ccevs.org/faqs/nstissp-11/> Federal Information Security Management Act (FISMA) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
