On Thu, 2011-08-04 at 10:11 -0400, Stephen Gallagher wrote:
On Mon, 2011-08-01 at 12:19 -0400, Stephen Gallagher wrote:
> On Mon, 2011-08-01 at 11:00 -0400, Simo Sorce wrote:
> > On Mon, 2011-08-01 at 10:50 -0400, Stephen Gallagher wrote:
> > > Previously, we were only displaying expiration warnings if the
> > > password was going to expire within a day. We'll allow LDAP to
> > > make this decision (by whether it passes us the expiration time).
> > >
> > > In the future, we can add an option to clamp this down to a
> > > shorter period if the local admin prefers it.
> > >
> > >
https://fedorahosted.org/sssd/ticket/940
> >
> > ACK.
>
>
> Pushed to master and sssd-1-5
I misread the original code here and have since noticed that the option
to clamp this down was in fact already present (due to the fact that
Kerberos always reports the expiration time). Unfortunately, by pushing
the patch above, we have regressed that behavior.
Patch 0001: Revert the patch from earlier in this thread.
Patch 0002: Add the ability to always display the expiration and make
this the default.
I'm a little unsure about patch 0002 as it will require modification for
existing Kerberos deployments in order to make LDAP deployments happier.
Opinions welcome.
Upon further reflection, I'm going to withdraw 0002 from consideration.
There's no reason to change the defaults right now.
Pushing 0001 to master, sssd-1-5 and sssd-1-6 to revert the regression.