[Freeipa-devel] [PATCH 0039] Enable FAST support in SSSD by default
Jakub Hrozek
jhrozek at redhat.com
Tue Feb 11 13:27:44 UTC 2014
On Tue, Feb 11, 2014 at 02:57:40PM +0200, Alexander Bokovoy wrote:
> On Mon, 10 Feb 2014, Jakub Hrozek wrote:
> >On Mon, Feb 10, 2014 at 04:06:37PM -0500, Nathaniel McCallum wrote:
> >>https://fedorahosted.org/freeipa/ticket/4173
> >>
> >>I do have one question. Do we ever try to "upgrade" the SSSD config? If
> >>so, should we try to "upgrade" the SSSD config to enable FAST by
> >>default?
> >>
> >>Nathaniel
> >
> >What if we changed the SSSD defaults instead? Would enabling FAST by
> >default break backwards compatibility in any way if we set it to "try" ?
> 'try' shouldn't break anything now that I fixed SSSD side to properly
> process OTP token responses.
>
> >I would prefer to keep the config as clean as possible and only rely on
> >sane defaults.
> I agree but this means we would depend on specific SSSD version to
> provide full OTP experience. It may be good to be clear with that in
> documentation instead of explicitly setting the option, though.
Wouldn't you prefer to Require a specific version anyway to make sure
the OTP fix is in?
More information about the Freeipa-devel
mailing list