Re: [SSSD] [PATCH] Allow LDAP to decide when an expiration warning is warranted

On Mon, 2011-08-01 at 12:19 -0400, Stephen Gallagher wrote: > On Mon, 2011-08-01 at 11:00 -0400, Simo Sorce wrote: > > On Mon, 2011-08-01 at 10:50 -0400, Stephen Gallagher wrote: > > > Previously, we were only displaying expiration warnings if the > > > password was going to expire within a day. We'll allow LDAP to > > > make this decision (by whether it passes us the expiration time). > > > > > > In the future, we can add an option to clamp this down to a > > > shorter period if the local admin prefers it. > > > > > > https://fedorahosted.org/sssd/ticket/940 > > > > ACK. > > > Pushed to master and sssd-1-5 I misread the original code here and have since noticed that the option to clamp this down was in fact already present (due to the fact that Kerberos always reports the expiration time). Unfortunately, by pushing the patch above, we have regressed that behavior. Patch 0001: Revert the patch from earlier in this thread. Patch 0002: Add the ability to always display the expiration and make this the default. I'm a little unsure about patch 0002 as it will require modification for existing Kerberos deployments in order to make LDAP deployments happier. Opinions welcome.