On Wed, 2011-04-20 at 15:05 +0200, Jan Zeleny wrote: > Stephen Gallagher <sgall...@redhat.com> wrote: > > On Fri, 2011-04-01 at 16:46 +0200, Jan Zelený wrote: > > > These changes are all related to the following ticket: > > > https://fedorahosted.org/sssd/ticket/763 > > > > > > Changes in SSSDConfig.py merge old and new domain record instead of just > > > deleting the old and inserting the new one. The old approach let to loss > > > of some information like comments and blank lines in the config file. > > > > > > Changes in API config were performed so our Python scripts (like > > > sss_obfuscate) don't add extra config options to the config file. > > > > Nack. > > > > As we discussed on IRC, the 'services' option in [sssd] must be left as > > mandatory. > > > > Similarly, do not make krb5_realm optional. It must exist if using the > > kerberos provider. > > krb5_realm (string) > > The name of the Kerberos realm. This option is required > > and must be specified. > > I'm not sure that's entirely correct. What if someone uses SSSD only as an id > provider? Unlikely, but possible ...
If they do so, then this option isn't available. It is mandatory only when auth_provider = krb5 (or access_provider/chpass_provider). The version of krb5_realm in sssd-ldap.conf should be marked as non-mandatory though (which I just checked that it already is).
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
