URL: https://github.com/SSSD/sssd/pull/530 Title: #530: GPO: Add "thinlinc" to ad_gpo_map_remote_interactive
fidencio commented: """ I'm adding the discussion here: ``` <fidencio> simo: not going to extend the discussion in the pagure with a question that sounds quite stupid to me ... but why the option should be global? <fidencio> simo: I would easily buy if you tell me it should go under [pam] section as it's a list of PAM service names <fidencio> s/pagure/github PR/ <simo> fidencio: because the association is not domain specific <simo> if a service drops a file it wants that association to be valid for any possible domain you may join with that machine <simo> it is a default mapping <simo> has nothing to do with which domain you specifically ended up joining <fidencio> simo: hmmm. I see your point. OTOH I can also think that as it's something AD specific ... it should go in the domain section (and I guess that's the reason it's there) (mind that I'm not advocating for the current behaviour ... just trying to see both sides) <simo> fidencio: a domain section is a specific instantiation <simo> we are talking about a global default behavior <simo> service X uses pam file Y <simo> that's true besides what specific instantiation you use <simo> although in some contrived cases you may want to override this behavior in a specific domain <simo> which is also why software should not drop a domain specific snippet as admins may have their own specific configs <fidencio> simo: okay, got your point <fidencio> simo: so, a good way to fix this is to move this option to a global section ... <simo> fidencio: we need this option *also* as a global, to set defaults <simo> then per domain for overrides/domain specific ``` And the discussion can be added to the ticket as soon as we specifically have a ticket for this and/or decide to use the documentation ticket for this (I'll leave this decision to @mzidek-rh). """ See the full comment at https://github.com/SSSD/sssd/pull/530#issuecomment-372226106
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
