Do we even know for sure this krb5-k5tls is enough for fips compliance, and that it replaces *all* crypto code in kerberos with openssl calls?
Do we even know for sure this krb5-k5tls is enough for fips compliance, and that it replaces *all* crypto code in kerberos with openssl calls?