+++ This bug was initially created as a clone of Bug #697644 +++
In retrospect, it seems reasonable that authconfig would need to write to sssd.conf.  Unfortunately, sssd.conf does not have a big banner at the top warning that the file will be overwritten.  It would be very helpful if there were such a warning and if it gave a clear description of where and how users are intended to make custom settings if needed.

--- Additional comment from tmraz on 2011-04-19 02:41:04 EDT ---

Given authconfig uses the SSSD config API, what would be the best way to add this comment to sssd.conf? I suppose the config API itself does not have calls for adding comments. Perhaps it should be added to the default config file in the sssd package?

--- Additional comment from sgallagh on 2011-04-19 09:46:07 EDT ---

Maybe we should rename the "default" domain to "default-ac" or "authconfig" domain. That should make it clear.

The idea is that if a customer wants to create a custom domain, they should do so by changing the domain name.

We thought "default" would be sufficient, but now I'm thinking it would make more sense if we used a less-ambiguous name.

Additionally, I think you're right that we should add a new config option "description" that has no purpose in the SSSD itself, but could be used by authconfig to add a notice that the domain was autoconfigured and could be changed by subsequent executions of authconfig.

This would be better than changing the default config file. I've actually been thinking about renaming the default config file to sssd-example.conf so that SSSD doesn't try to use it (since it intentionally doesn't work out of the box anyway). The SSSDConfig API (and by extension, authconfig) can create an empty file trivially.

Tomas, please use this BZ to track changing the default domain name to something more clear, and then please clone this ticket against the SSSD for me to add the 'description' option and change the example config name.