On Mon, Nov 16, 2009 at 09:23:17AM -0500, Simo Sorce wrote: > On Mon, 2009-11-16 at 14:06 +0100, Sumit Bose wrote: > > Hi, > > > > this patch should fix #279 by ignoring the shadow attributes by > > default. > > I was thinking about this and I think I don't want to go down this way. > While automatic discovery of the expiration attributes is nice, I think > it is an issue. > > I would rather see an attribute that overrides > find_password_expiration_attributes() instead. > > This way the admin can force what expiration policy should be used > regardless of what random attributes may be found. > > something like: password_policy_type > choice of: none, ldap_pwd_policy, mit_kerberos, shadow, auto > > so if you don't want anything use > password_policy_type = none > > if you want to use only shadow (even if the server supports > ldap_pwd_policies set password_policy_type = shadow > > I am unsure if we want to add "auto", that would be the default and use > the find_password_expiration_attributes() to autodetect what to use. > > Thoughts ? > > Simo. >
I like it. Please wait for a new patch ... bye, Sumit _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel