On Tue, 2011-04-26 at 11:01 +0200, Jakub Hrozek wrote: > [PATCH 1/2] Require openssl-devel is libcrypto backend is selected > > I've changed the configure flags a little. The previous --enable-crypto > sounded like something you should enable to get the functionality > compiled in rather than a selection of alternative crypto back end. > > https://fedorahosted.org/sssd/ticket/844 > > [PATCH 2/2] BUILD.txt: Warn that all crypto features are implemented > > Note that the recommended default is NSS.
Nack. Please add a warning in the configure script as well when using libcrypto. No one EVER reads the BUILD.txt. Have you tested whether functionality works with libcrypto at all? What happens when cache_passwords = true? Do we store them plaintext or fail entirely? Is it a graceful failure? I'm honestly not sure there's a good reason to allow the use of libcrypto at all at this point. I think we should consider disabling it (not removing it) until and unless someone else decides to maintain it.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
