From 3c40d3aa9e3d431be1e625aa91cdcbeffd0d1271 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <frenaud@redhat.com>
Date: Mon, 27 Jun 2016 10:23:14 +0200
Subject: Do not allow installation in FIPS mode

https://fedorahosted.org/freeipa/ticket/5761

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 client/ipa-client-install | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'client')

diff --git a/client/ipa-client-install b/client/ipa-client-install
index 1cdaf7b3e..cee202f89 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -45,7 +45,7 @@ try:
     import ipaclient.ntpconf
     from ipapython.ipautil import (
         run, user_input, CalledProcessError, file_exists, dir_exists,
-        realm_to_suffix)
+        realm_to_suffix, is_fips_enabled)
     from ipaplatform.tasks import tasks
     from ipaplatform import services
     from ipaplatform.paths import paths
@@ -3076,6 +3076,9 @@ def main():
 
     if not os.getegid() == 0:
         sys.exit("\nYou must be root to run ipa-client-install.\n")
+    if is_fips_enabled():
+        sys.exit("Installing IPA client in FIPS mode is not supported")
+
     tasks.check_selinux_status()
     logging_setup(options)
     root_logger.debug(
-- 
cgit