On Tue, Jan 25, 2011 at 7:57 AM, Stephen Gallagher <sgall...@redhat.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This is going to be a controversial patch. It adds support for an option > called "ldap_auth_disable_tls_never_use_in_production" which allows SSSD > to perform LDAP simple-bind authentication without a corresponding TLS > tunnel. > > Multiple users have requested (arguably demanded) this feature for > "debugging" purposes. We've resisted it for a long time, but after a > certain point, once people yell often enough, it's probably worth it to > listen.
Why don't you make sssd also complain on startup about this option? -- Jeff Schroeder Don't drink and derive, alcohol and analysis don't mix. http://www.digitalprognosis.com _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel