On Tue, 2014-02-11 at 14:27 +0100, Jakub Hrozek wrote: > On Tue, Feb 11, 2014 at 02:57:40PM +0200, Alexander Bokovoy wrote: > > On Mon, 10 Feb 2014, Jakub Hrozek wrote: > > >On Mon, Feb 10, 2014 at 04:06:37PM -0500, Nathaniel McCallum wrote: > > >>https://fedorahosted.org/freeipa/ticket/4173 > > >> > > >>I do have one question. Do we ever try to "upgrade" the SSSD config? If > > >>so, should we try to "upgrade" the SSSD config to enable FAST by > > >>default? > > >> > > >>Nathaniel > > > > > >What if we changed the SSSD defaults instead? Would enabling FAST by > > >default break backwards compatibility in any way if we set it to "try" ? > > 'try' shouldn't break anything now that I fixed SSSD side to properly > > process OTP token responses. > > > > >I would prefer to keep the config as clean as possible and only rely on > > >sane defaults. > > I agree but this means we would depend on specific SSSD version to > > provide full OTP experience. It may be good to be clear with that in > > documentation instead of explicitly setting the option, though. > > Wouldn't you prefer to Require a specific version anyway to make sure > the OTP fix is in?
Agreed. In a private conversation, Jakub is going to work up a patch. Nathaniel _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel