[Freeipa-devel] [PATCH 0039] Enable FAST support in SSSD by default
Nathaniel McCallum
npmccallum at redhat.com
Tue Feb 11 14:10:58 UTC 2014
On Tue, 2014-02-11 at 14:27 +0100, Jakub Hrozek wrote:
> On Tue, Feb 11, 2014 at 02:57:40PM +0200, Alexander Bokovoy wrote:
> > On Mon, 10 Feb 2014, Jakub Hrozek wrote:
> > >On Mon, Feb 10, 2014 at 04:06:37PM -0500, Nathaniel McCallum wrote:
> > >>https://fedorahosted.org/freeipa/ticket/4173
> > >>
> > >>I do have one question. Do we ever try to "upgrade" the SSSD config? If
> > >>so, should we try to "upgrade" the SSSD config to enable FAST by
> > >>default?
> > >>
> > >>Nathaniel
> > >
> > >What if we changed the SSSD defaults instead? Would enabling FAST by
> > >default break backwards compatibility in any way if we set it to "try" ?
> > 'try' shouldn't break anything now that I fixed SSSD side to properly
> > process OTP token responses.
> >
> > >I would prefer to keep the config as clean as possible and only rely on
> > >sane defaults.
> > I agree but this means we would depend on specific SSSD version to
> > provide full OTP experience. It may be good to be clear with that in
> > documentation instead of explicitly setting the option, though.
>
> Wouldn't you prefer to Require a specific version anyway to make sure
> the OTP fix is in?
Agreed. In a private conversation, Jakub is going to work up a patch.
Nathaniel
More information about the Freeipa-devel
mailing list