On Thu, 2011-08-04 at 10:11 -0400, Stephen Gallagher wrote: > On Mon, 2011-08-01 at 12:19 -0400, Stephen Gallagher wrote: > > On Mon, 2011-08-01 at 11:00 -0400, Simo Sorce wrote: > > > On Mon, 2011-08-01 at 10:50 -0400, Stephen Gallagher wrote: > > > > Previously, we were only displaying expiration warnings if the > > > > password was going to expire within a day. We'll allow LDAP to > > > > make this decision (by whether it passes us the expiration time). > > > > > > > > In the future, we can add an option to clamp this down to a > > > > shorter period if the local admin prefers it. > > > > > > > > https://fedorahosted.org/sssd/ticket/940 > > > > > > ACK. > > > > > > Pushed to master and sssd-1-5 > > > I misread the original code here and have since noticed that the option > to clamp this down was in fact already present (due to the fact that > Kerberos always reports the expiration time). Unfortunately, by pushing > the patch above, we have regressed that behavior. > > Patch 0001: Revert the patch from earlier in this thread. > Patch 0002: Add the ability to always display the expiration and make > this the default. > > I'm a little unsure about patch 0002 as it will require modification for > existing Kerberos deployments in order to make LDAP deployments happier. > Opinions welcome.
Upon further reflection, I'm going to withdraw 0002 from consideration. There's no reason to change the defaults right now. Pushing 0001 to master, sssd-1-5 and sssd-1-6 to revert the regression.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
