On Tue, 2012-05-01 at 19:16 +0200, Jan Zeleny wrote:
> - rename the option to pwd_expiration_warning
> - move the option from PAM responder to domains
> - if pwd_expiration_warning == 0, don't apply the filter at all
> - default value for Kerberos: 7 days
> - default value for LDAP: don't apply the filter
>
> Technical note: default value when creating the domain is -1. This is
> important so we can distinguish between "no value set" and 0. Without
> this possibility it would be impossible to set different values for LDAP
> and Kerberos provider.
>
> https://fedorahosted.org/sssd/ticket/1140

Nack

We cannot remove options without a deprecation period. Please do not eliminate pam_pwd_expiration_warning.

The better approach would be to treat it as a global setting that the domain-level pwd_expiration_warning options could override. So setting pam_pwd_expiration_warning = 0 would be the same as saying all domains would never set the filter. And having neither pam_pwd_expiration_warning nor pwd_expiration_warning set would be "use the defaults for every domain".

Please change the documentation for the pwd_expiration_warning to make it clear that this is a limiter. The description for setting it to zero sounds like it's saying "never display the expiration warning".

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
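
The precedence proposed in the reply above, sketched as an added example (not SSSD code and not written by either poster): the domain-level pwd_expiration_warning overrides the global pam_pwd_expiration_warning, and the provider default applies only when both are unset (-1). The function names, the enum and the seconds-based comparison are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define UNSET (-1)            /* "no value set", kept distinct from 0 */
#define SECS_PER_DAY 86400L

enum provider { PROV_LDAP, PROV_KRB5 };   /* hypothetical names */

/* Provider defaults from the thread: Kerberos 7 days, LDAP 0 (no filter). */
static int provider_default_days(enum provider p)
{
    return p == PROV_KRB5 ? 7 : 0;
}

/* Domain option wins, then the global PAM option, then the provider default. */
int effective_warning_days(int domain_days, int pam_days, enum provider p)
{
    if (domain_days >= 0) return domain_days;
    if (pam_days >= 0) return pam_days;
    return provider_default_days(p);
}

/* The option is a limiter, not a switch: 0 means the filter is not applied,
 * so every warning received from the backend is shown; N > 0 suppresses
 * warnings for passwords that expire more than N days from now. */
bool show_expiration_warning(long secs_to_expiry, int days)
{
    if (days == 0) return true;
    return secs_to_expiry <= (long)days * SECS_PER_DAY;
}

int main(void)
{
    long in_ten_days = 10 * SECS_PER_DAY;   /* constructed sample input */
    int d;

    d = effective_warning_days(UNSET, UNSET, PROV_KRB5);
    printf("nothing set, krb5: %d days, show=%d\n",
           d, show_expiration_warning(in_ten_days, d));

    d = effective_warning_days(UNSET, 0, PROV_KRB5);
    printf("global 0, krb5:    %d days, show=%d\n",
           d, show_expiration_warning(in_ten_days, d));

    d = effective_warning_days(14, 0, PROV_KRB5);
    printf("domain 14 over 0:  %d days, show=%d\n",
           d, show_expiration_warning(in_ten_days, d));
    return 0;
}
```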