Hi Enzo, Thanks for the patch. After it is applied, the build fails on my machine: rst2man --syntax-highlight=none mount.cifs.rst mount.cifs.8 mount.cifs.rst:952: (ERROR/3) Unknown target name: "https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf<https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf>". Does it compile on your side? Best regards, Pavel Shilovsky пн, 4 апр. 2022 г. в 19:26, Enzo Matsumiya <ematsumiya@xxxxxxx>: > > On 04/03, Steve French wrote: > >SMB2.1 or later is probably fine (and we note SMB2.1 or 3) for most > >cases in our mount warning message. > > > >But this FIPS compliance issue reminds me that we should get the other > >auth mechanisms working that are 'peer to peer' (so not forced to be > >domain joined). krb5 is great, but Macs support 'peer-to-peer > >kerberos' and also SCRAM (RFC 7677) so we could also presumably get > >FIPS compliant login for peer-to-peer cases if we implement on or both > >of those other auth mechanisms. > > Thanks, Steve. AFAIK, as I mentioned earlier, I don't see FIPS > disapproving particular auth mechanisms, but if those you mention uses > algorithms that are not on FIPS-validated crypto modules, we're out of > luck there as well. > > (full disclosure: I'm not yet familiar with "peer-to-peer kerberos") > > On-topic: I'd just like to have this patch merged for informational > purposese only. I then can start working on your's and Tom's > suggestions. > > >Anyone have some Macs or Mac VMs to test against ...? > > Yes. But let's move this one privately please. > > > Cheers, > > Enzo
