On Mon, Apr 20, 2015 at 11:48:00AM -0400, Stephen Gallagher wrote:
> When a user enrolls a system against Active Directory, the expectation
> is that the client will honor the centrally-managed settings. In the
> past, we avoided changing the default (and left it in permissive mode,
> to warn admins that the security policy wasn't being honored) in order
> to avoid breaking existing Active Directory enrollments.
>
> However, sufficient time has likely passed for users to become
> accustomed to using GPOs to manage access-control for their systems.
>
> This patch changes the default to enforcing and adds a configure flag
> for distributions to use if they wish to provide a different default
> value.

ACK, both the manpage value and the config.h value can be toggled with a configure script. But I would prefer to push the patch after review of "[PATCHES] Support GPOs referred from other domains" is finished, simply to close the bugs first and then enable the feature for everyone :-)