-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/25/2011 10:59 AM, Jeff Schroeder wrote: > On Tue, Jan 25, 2011 at 7:57 AM, Stephen Gallagher <sgall...@redhat.com> > wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> This is going to be a controversial patch. It adds support for an option >> called "ldap_auth_disable_tls_never_use_in_production" which allows SSSD >> to perform LDAP simple-bind authentication without a corresponding TLS >> tunnel. >> >> Multiple users have requested (arguably demanded) this feature for >> "debugging" purposes. We've resisted it for a long time, but after a >> certain point, once people yell often enough, it's probably worth it to >> listen. > > Why don't you make sssd also complain on startup about this option? >
I'm trying not to be TOO obnoxious about it. I figured that not having it mentioned in the documentation and not visible to the SSSDConfig API would be sufficient. But if you feel strongly about it, it's not too hard to add. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0+9aUACgkQeiVVYja6o6OooQCfQKiHlOqEuSU7/G2BSvi1Wo2g qe8An1iEDffqtPZM44As/JEQdkiP0UeE =NVjA -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
