Firstyear

> That approach with versioning within the library while allowing developers to choose the serialization format sounds great. Thanks. We have been (slowly) progressing with this, our attentions were elsewhere...

With the merged changes to our binary code using the HumanBinary format now, this should be working for most persons now.

SSSD loves to do substring searches in the most inefficient ways possible. I *think* if you remove "sudo" as a provider on the sssd.conf it stops it asking for sudohost....

Depends how @nitnelave wants to proceed here, but I'd say simply dropping/ignoring any request that asks for sudo related terms with an empty response would silence the problem.

Or open a bug with SSSD?

> One thing that I can do is that if the substring filter concerns an attribute that doesn't exist, I can replace it with just "false". At least LLDAP will...

Password expiration is a security anti-pattern. It has been known for more than a decade to reduce password quality and cause more security issues than it resolves. My advice to...

> Now, about the specific feature, I think we all agree with @Firstyear. I like to link to the NIST password guidelines: https://blog.netwrix.com/2022/11/14/nist-password-guidelines/ The complete version is https://pages.nist.gov/800-63-3/sp800-63b.html specifically section...

> I appreciate your links, I will use them for a discussion. However you also might know how those types of discussions end up.... I am available to be involved...

> But since this also covers LDAP logins, it's a bit more complicated: not every application displays the error messages from LDAP, so they would just see that the login...