I’m going to be required to run my APICs in FIPS mode. Currently we use ACS to authenticate. FIPS breaks that authentication since it’s done with TACACS+. It looks like the only other way to authenticate without using local accounts (which won’t be allowed) is with LDAP.
So my two questions are:
- Is LDAP compatible with RSA and would it be an easy implementation? Anything that’s too complicated would likely become a long prolonged process requiring the politics of getting multiple teams together and getting everything to work correctly.
- Is there another way? RADIUS key wrappers are FIPS compliant. They’re not supported by the APICs though.
Ok, third question:
- Anyone hear if there’s any plan to implement RADIUS key wrapper compatibility in any future APIC code versions?