On Tue, Feb 11, 2014 at 02:57:40PM +0200, Alexander Bokovoy wrote: > On Mon, 10 Feb 2014, Jakub Hrozek wrote: > >On Mon, Feb 10, 2014 at 04:06:37PM -0500, Nathaniel McCallum wrote: > >>https://fedorahosted.org/freeipa/ticket/4173 > >> > >>I do have one question. Do we ever try to "upgrade" the SSSD config? If > >>so, should we try to "upgrade" the SSSD config to enable FAST by > >>default? > >> > >>Nathaniel > > > >What if we changed the SSSD defaults instead? Would enabling FAST by > >default break backwards compatibility in any way if we set it to "try" ? > 'try' shouldn't break anything now that I fixed SSSD side to properly > process OTP token responses. > > >I would prefer to keep the config as clean as possible and only rely on > >sane defaults. > I agree but this means we would depend on specific SSSD version to > provide full OTP experience. It may be good to be clear with that in > documentation instead of explicitly setting the option, though.
Wouldn't you prefer to Require a specific version anyway to make sure the OTP fix is in? _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
