What are the measured DNS response times that you're seeing and are
cloudflares and google's response times in accordance with the
recommended times.
Any DNS query needs to allow at least a response time to the other side
of the planet and then some. There are some recommended values in some
RFC's
On Sun, 2022-07-17 at 11:43 +0200, Harald Dunkel via FreeIPA-users
wrote:
> As written before, wifi and VPN connections are established *after*
> theuser logged in using information stored in the cache. I can't help
> it.Esp. I cannot support a VPN connection at boot time in a wifi
> network Ihave
On Sat, 2022-07-16 at 15:03 +0100, Sam Morris via FreeIPA-users wrote:
> On 16/07/2022 11:09, Harald Dunkel via FreeIPA-users wrote:
> > I've got a few colleagues running Debian 10 or 11 on a laptop.
> > Their accountis managed by FreeIPA in the office. On first-time
> > login their laptop iswired
Hi Angus,
Just be aware that maintaining parrellel records is an overhead in the
longer term as it's a manual process of keeping things in sync.
Delegation is a simpler more natural solution in general.
Your pubic DNS servers can delegate to an internal DNS domain and then
you'll only have the i
Hi All,
Angus you appear to be struggling with fundamental concepts of how to
manage DNS rather than how to manage FreeIPA. It appears you've already
made design decisions without understanding the implications. You
really need to understand the concept of split brain DNS and the
complications ass
Hi All,
If you're looking for a relatively simple solution the migration to
Rocky linux can be achieved relatively painlessly. We've been kicking
the tyres over the past few months and it fits our use case and Centos8
going forward doesn't. This isn't a shot at either Centos, Redhat or
IBM its a s
Hi Simo,
Thanks for the clear response.
This is more in keeping with my understanding of the assurance
process.
In short
* FIPS evaluation only applies to the algorithms in scope. Generally
something like Suite B
* FIPS is only applicable to a particular instance ie binary or set of
binaries
Hi All,
While your paranoia might be making you do it you're doing a lot of
work and not providing yourself with much protection. Basically RSA-
2048 provides 25 bits of quantum protection and RSA-15360 only provides
31 bits.
https://techbeacon.com/security/waiting-quantum-computing-why-encryptio
hardware/VM of your choice
Kind Regards
-Original Message-From: Ian Willis via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>Reply-To: FreeIPA users list <
freeipa-users@lists.fedorahosted.org>To:
freeipa-users@lists.fedorahosted.orgCc: Ian Willis <
fed...@checksum.
page/Howto/Promote_CA_to_Renewal_and_CRL_Master
Follow standard installation procedure to deploy a new master on a
hardware/VM of your choice
Kind Regards
-Original Message-----
From: Ian Willis via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>
Reply-To: FreeIPA users list
T
-Original Message-
From: Ian Willis via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>
Reply-To: FreeIPA users list
To: freeipa-users@lists.fedorahosted.org
Cc: Ian Willis
Subject: [Freeipa-users] FreeIPA centos8 update Failed to authenticate
to CA REST API
Date: Tue, 12 Ja
Hi All,
I've been using freeipa configured as a HA pair on Centos for about 12
months and I've been really impressed, however this morning it has
started pumping mud. Any suggestions appreciated.
I did a dnf update of the server which appears to have broken the
FreeIPA server and I see the follo
12 matches
Mail list logo
