On Tue, Jan 25, 2011 at 7:57 AM, Stephen Gallagher <sgallagh(a)redhat.com> wrote:
> This is going to be a controversial patch. It adds support for an option
> called "ldap_auth_disable_tls_never_use_in_production" which allows SSSD
> to perform LDAP simple-bind authentication without a corresponding TLS
> tunnel.
>
> Multiple users have requested (arguably demanded) this feature for
> "debugging" purposes. We've resisted it for a long time, but after a
> certain point, once people yell often enough, it's probably worth it to
> listen.

Why don't you make sssd also complain on startup about this option?

--
Jeff Schroeder
Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com