|
 |
ac7d03 |
From ac3c0d46d947c59aa25f4c9268ef17023c87b4b2 Mon Sep 17 00:00:00 2001
|
|
|
ac7d03 |
From: Martin Basti <mbasti@redhat.com>
|
|
|
ac7d03 |
Date: Wed, 22 Mar 2017 17:47:04 +0100
|
|
|
ac7d03 |
Subject: [PATCH] Set "KDC:Disable Last Success" by default
|
|
|
ac7d03 |
|
|
|
ac7d03 |
In big deployments enabled recording of the last sucesfull login
|
|
|
ac7d03 |
this creates a huge changelog on DS side and cause performance
|
|
|
ac7d03 |
issues even if this is excluded from replication.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Actually this is not used directly by FreeIPA so it is safe to remove
|
|
|
ac7d03 |
in new installations. User who need this must manually remove
|
|
|
ac7d03 |
"KDC:Disable Last Success" using `ipa config-mod` command or WebUI.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
https://pagure.io/freeipa/issue/5313
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
|
|
ac7d03 |
---
|
|
|
ac7d03 |
install/share/bootstrap-template.ldif | 1 +
|
|
|
ac7d03 |
1 file changed, 1 insertion(+)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
|
|
|
ac7d03 |
index da12ddf0ca887e8305402048ceed5d5b28816164..ea1e5b222e7af5ed7c5d80bbaf9282735e425e18 100644
|
|
|
ac7d03 |
--- a/install/share/bootstrap-template.ldif
|
|
|
ac7d03 |
+++ b/install/share/bootstrap-template.ldif
|
|
|
ac7d03 |
@@ -410,6 +410,7 @@ ipaUserObjectClasses: ipasshuser
|
|
|
ac7d03 |
ipaDefaultEmailDomain: $DOMAIN
|
|
|
ac7d03 |
ipaMigrationEnabled: FALSE
|
|
|
ac7d03 |
ipaConfigString: AllowNThash
|
|
|
ac7d03 |
+ipaConfigString: KDC:Disable Last Success
|
|
|
ac7d03 |
ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
|
|
|
ac7d03 |
ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
|
|
|
ac7d03 |
|
|
|
ac7d03 |
--
|
|
|
ac7d03 |
2.12.1
|
|
|
ac7d03 |
|