Re: [SSSD] [PATCH] Add option to disable TLS for LDAP auth

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/26/2011 05:51 AM, Sumit Bose wrote: > On Tue, Jan 25, 2011 at 02:55:05PM -0500, Stephen Gallagher wrote: > On 01/25/2011 11:17 AM, Sumit Bose wrote: >>>> On Tue, Jan 25, 2011 at 11:09:09AM -0500, Stephen Gallagher wrote: >>>> On 01/25/2011 10:59 AM, Jeff Schroeder wrote: >>>>>>> Why don't you make sssd also complain on startup about this >>>>>>>option? >>>>>>> >>>> >>>> I'm trying not to be TOO obnoxious about it. I figured that not >>>>having >>>> it mentioned in the documentation and not visible to the SSSDConfig >>>>API >>>> would be sufficient. >>>> >>>> But if you feel strongly about it, it's not too hard to add. >>>> >>>> >>>>> I would also support the idea of some kind of warning message to >>>>>prevent >>>>> that someone accidentally use the "debugging" configuration in >>>>> production. But instead of a message at startup I would prefer a >>>>>syslog >>>>> message every time a password is sent unencrypted. > > > New patch with annoying syslog message attached. > > >> I have to admit this patch is working as expected, I can clearly see my >> password on the wire. > >> ACK > Ok, so now that we know we have a patch to accomplish this... we have to ask ourselves this question: are we willing to push this upstream, or should we stick to the principles we've maintained up to this point?