On Thu, Dec 1, 2016 at 3:46 PM, Simo Sorce <s...@redhat.com> wrote: > On Thu, 2016-12-01 at 15:22 +0100, Pavel Březina wrote: >> On 12/01/2016 02:56 PM, Simo Sorce wrote: >> > On Thu, 2016-12-01 at 14:44 +0100, Pavel Březina wrote: >> >> On 11/24/2016 02:33 PM, Fabiano Fidêncio wrote: >> >>> The design page is done [0] and it's based on this discussion [1] we >> >>> had on this very same mailing list. A pull-request with the >> >>> implementation is already opened [2]. >> >>> >> >>> [0]: >> >>> https://fedorahosted.org/sssd/wiki/DesignDocs/SocketActivatableResponders >> >>> [1]: >> >>> https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/H6JOF5SGGSIJUIWYNANDA73ODHWBS7J2/ >> >>> [2]: https://github.com/SSSD/sssd/pull/84 >> >> >> >> I think we should also provide 'disabled_services' option, to give >> >> admins a way to explicitly disable some responders if the don't want to >> >> used them. >> > >> > How would this work ? >> >> If responder is listed in disabled_services, it won't be allowed to >> start via socket activation. If disabling the socket as Fabiano >> mentioned in the other mail is enough, I'm fine with it, plese test. > > I am not sure this is a good behavior as clients will see a connection > being accept and then dropped, and may misbehave or report strange > errors.
So, thinking a little bit about it Pavel's idea is not bad. If you have a list of "not allowed"/"disabled" services we can, at least, report the proper error when enabling the service. Does this sound reasonable to you? > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > _______________________________________________ > sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org > To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org _______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org