Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time).
In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it. https://fedorahosted.org/sssd/ticket/940
From 5549e25ca0633c9a1d69399ef093359b19318e04 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <[email protected]> Date: Mon, 1 Aug 2011 10:48:06 -0400 Subject: [PATCH] Allow LDAP to decide when an expiration warning is warranted Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it. --- src/responder/pam/pamsrv_cmd.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 3c9d7600a70465cd087950d775d2f7a78a3ab141..7fcf9854385c51a9c9721585c940c7d1b387a630 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -409,9 +409,10 @@ static errno_t filter_responses(struct confdb_ctx *cdb, } memcpy(&expire_warn, resp->data + sizeof(uint32_t), sizeof(uint32_t)); - if(expire_warn > pam_expiration_warning * (60 * 60 * 24)) { - resp->do_not_send_to_client = true; - } + /* TODO: Add an option to limit the display of the + * expiration warning to a specified number of + * days (e.g. 14) + */ break; default: DEBUG(7, ("User info type [%d] not filtered.\n")); -- 1.7.6
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
