URL: https://github.com/SSSD/sssd/pull/438 Title: #438: krb5_child: Distinguish between expired & disabled AD user
lslebodn commented: """ > I'm just wondering if we should enable it by default and add an option to > switch to the plain libkrb5 call for environments where the master KDC lookup > is really needed (and works)? What do you think? I did not want to add new option (we already have many of them) therefore it is enabled only for ad provider so users could use auth provider krb5 to have old behaviour. Or rename krb5_child and use shell wrapper which will clean parameter `--sss-creds-password`. But I am not against creating new option. """ See the full comment at https://github.com/SSSD/sssd/pull/438#issuecomment-348518102
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
