From bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Tue, 1 May 2012 03:36:37 -0400 Subject: Modify behavior of pam_pwd_expiration_warning New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider. --- src/util/domain_info_utils.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/util/domain_info_utils.c') diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index d9f320d8..45f98d85 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -77,6 +77,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, /* FIXME: get ranges from the server */ dom->id_min = 0; dom->id_max = 0xffffffff; + dom->pwd_expiration_warning = parent->pwd_expiration_warning; dom->cache_credentials = parent->cache_credentials; dom->case_sensitive = parent->case_sensitive; dom->user_timeout = parent->user_timeout; -- cgit