On Fri, 2014-04-11 at 11:14 -0400, Stephen Gallagher wrote:
Well, the major technical reason is that it would be a backwards-incompatible change. Updating the SSSD and changing that behavior could very easily mean suddenly locking a whole lot of people out of their system. There's really no easy way to change this unless we want to force an upgrade to set it explicitly to 'access_provider = permit', but that would still break if something like puppet overwrote it again.
Although there are risks, I think we should do it in the next major release.
Simo.