Cloned from upstream: https://pagure.io/freeipa/issue/6824
Dogtag is unable to create a strong-enough PIN in FIPS (https://pagure.io/dogtagpki/issue/2556 - they only use some numbers) to be used to create an NSS database.
Add a workaround setting `pki_pin` to a random value we can generate by ipautil.ipa_generate_password().
Verified using IPA version ::
# rpm -qa ipa-server
[root@ipaserver01 ~]# grep pki_pin /var/log/ipaserver-install.log && echo $?
pki_pin = XXXXXXXX
Marking BZ as verified. Also, ran Sanity and FIPS related testcases to verify PKI_PIN.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.