
Re: [HTCondor-users] - Re: Condor_master aborting because of FIPS mode



With kernel FIPS enforcement on, the MD5 hash used in HTCondor network packets is not permitted.

A FIPS-enabled release of HTCondor is available, which replaces the message integrity hash with SHA1 rather than MD5. Since the hash size changed, the protocol is not compatible with the non-FIPS protocol, so a pool needs to be either all FIPS or all non-FIPS. The two releases cannot communicate with each other. You also need to remove the BLOWFISH algorithm from the SEC_DEFAULT_CRYPTO_METHODS list - set it to only use 3DES.

The YUM repo for the FIPS release is here: https://research.cs.wisc.edu/htcondor/yum/fips/


Michael V Pelletier
Principal Engineer

Raytheon Technologies
Information Technology
Digital Transformation & Innovation
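
A check for the situation described in the message above, as an added example that is not part of the original post or of HTCondor itself. The function name `fips_crypto_audit` and its verdict strings are hypothetical; it assumes method names are matched case-insensitively and, following the message, treats anything other than 3DES as a method to remove when kernel FIPS enforcement is on.

```shell
#!/bin/sh
# Added example (not HTCondor project code): check a node's settings against
# the advice in the message above. Values are passed in as arguments so the
# logic can be exercised offline.

# fips_crypto_audit FIPS_FLAG METHODS   (hypothetical helper)
#   FIPS_FLAG  contents of /proc/sys/crypto/fips_enabled ("1" = enforced)
#   METHODS    value of SEC_DEFAULT_CRYPTO_METHODS (comma/space separated)
# Prints a one-line verdict; exit status 0 = consistent with the advice,
# 1 = needs a change.
fips_crypto_audit() (
    set -f                      # no glob expansion while splitting the list
    flag=$1
    methods=$2
    if [ "$flag" != "1" ]; then
        echo "fips-off"         # the restriction in the message does not apply
        exit 0
    fi
    if [ -z "$methods" ]; then
        echo "unset"            # nothing explicit: pin the list to 3DES
        exit 1
    fi
    bad=""
    for m in $(printf '%s' "$methods" | tr ',' ' '); do
        # Assumption: names are compared case-insensitively
        name=$(printf '%s' "$m" | tr '[:lower:]' '[:upper:]')
        [ "$name" = "3DES" ] || bad="${bad:+$bad }$name"
    done
    if [ -n "$bad" ]; then
        echo "remove: $bad"
        exit 1
    fi
    echo "ok"
)

# On a live node (not run here):
#   fips_crypto_audit "$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)" \
#                     "$(condor_config_val SEC_DEFAULT_CRYPTO_METHODS 2>/dev/null)"
```

Because the FIPS and non-FIPS releases cannot talk to each other, the same check is worth running on every node in the pool before switching over.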