-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/26/2010 11:43 AM, Sumit Bose wrote: > I'm not sure this is a good idea, unless you want to force > provider=local domains to have cache_credentials=true. Right now, this > will break authentication against the LOCAL domain if cache_credentials > is not set. > > >> Currently provider=local domains do not use sysdb_cache_auth_send() >> although it might be a good idea let them use it to have only one place >> where the password hashes are compared. > >> To make this work we should check for (cache_credentials==true || >> strcmp(domain->name, "local") == 0) and add a new option similar to >> offline_credentials_expiration for local domains. > >> But I would prefer to do this in a separate patch. > >> What do you think?
I think this is fine, then. Ack to this patch, but please consolidate the hashed password checks in the future. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktnHHoACgkQeiVVYja6o6MZbACgsOxlGAdN5NrLhr1YUhP7qHKt Cl4AnA2jsX9a1c3MYt0ahnavZ4UE0Bpc =4Nii -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
