On Mon, 2009-11-16 at 14:06 +0100, Sumit Bose wrote: > Hi, > > this patch should fix #279 by ignoring the shadow attributes by > default.
I was thinking about this and I think I don't want to go down this way. While automatic discovery of the expiration attributes is nice, I think it is an issue. I would rather see an attribute that overrides find_password_expiration_attributes() instead. This way the admin can force what expiration policy should be used regardless of what random attributes may be found. something like: password_policy_type choice of: none, ldap_pwd_policy, mit_kerberos, shadow, auto so if you don't want anything use password_policy_type = none if you want to use only shadow (even if the server supports ldap_pwd_policies set password_policy_type = shadow I am unsure if we want to add "auto", that would be the default and use the find_password_expiration_attributes() to autodetect what to use. Thoughts ? Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel