Bug 973548

Summary: autofs fips testing
Product: Red Hat Enterprise Linux 7 Reporter: Ian Kent <ikent>
Component: autofsAssignee: Ian Kent <ikent>
Status: CLOSED WONTFIX QA Contact: Filesystem QE <fs-qe>
Severity: low Docs Contact:
Priority: unspecified    
Version: 7.0   
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-12 08:22:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 839624    

Description Ian Kent 2013-06-12 08:20:56 UTC 
FIPS testing of autofs was carried out against package autofs-5.0.7-19
with the following results:

The automated regression testing did not function when the task
to enable FIPS mode was added.

Manual testing was done by running the autofs Connectathon test
suite and no problems specific to FIPS mode were seen.

Selected tests from the Beaker autofs-workflow regression test
suite (CoreOS/autofs/bugzillas) were manually run:

bz559430 (MD5, ldap, sasl)                      PASS
bz593378 (NIS)                                  PASS
bz443933 (NIS)                                  PASS
bz607785 (TLS)                                  FAIL
bz185443 (SSL)                                  FAIL
bz481139 (Kerberos, SASL)                       FAIL
                                                Unable to run on RHEL-6
                                                server krb5_util create
                                                has changed somehow.

The above result indicates that using SSL, TLS doesn't function.
Given that configuration of the external subsystems for these
features is essentially outside the scope of autofs itself the
functionality may work for a system that is suitably configured.

I was unable to run test bz481139 due to a problem when manually
running the test but given the result of the SSL and TLS function
I expect it will also fail and I'm claiming a FAIL for it.
Comment 1 Ian Kent 2013-06-12 08:25:51 UTC 
While it may be worth testing this again when new packages are
imported, particularly for test bz481139, the fact that the
crystallographic configuration is mostly outside autofs itself
I'm closing this WONTFIX.
Comment 2 Ian Kent 2013-08-05 06:44:40 UTC 
A new revision, autofs-5.0.7-28, has been imported.
The changes between revision 19 and 28 shouldn't affect the
previous behaviour described in this bug so re-testing has
not been carried out.

The results above still apply.