diff options
| author | Simo Sorce <ssorce@redhat.com> | 2012-05-23 12:35:44 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-06-06 22:12:22 -0400 |
| commit | f602ad270d06a0dd7f53c4aa6904d27daa07d4ae (patch) | |
| tree | 6e029f602dd44652998064b52f97ec691b5ebc44 /ipalib | |
| parent | f8e7b516d923142a23058cb23ee817522686cfe3 (diff) | |
| download | freeipa-f602ad270d06a0dd7f53c4aa6904d27daa07d4ae.tar.gz freeipa-f602ad270d06a0dd7f53c4aa6904d27daa07d4ae.tar.xz freeipa-f602ad270d06a0dd7f53c4aa6904d27daa07d4ae.zip | |
Add support for disabling KDC writes
Add two global ipaConfig options to disable undesirable writes that have
performance impact.
The "KDC:Disable Last Success" will disable writing back to ldap the last
successful AS Request time (successful kinit)
The "KDC:Disable Lockout" will disable completely writing back lockout
related data. This means lockout policies will stop working.
https://fedorahosted.org/freeipa/ticket/2734
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/config.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py index 30f26addf..c8230e23a 100644 --- a/ipalib/plugins/config.py +++ b/ipalib/plugins/config.py @@ -177,7 +177,8 @@ class config(LDAPObject): cli_name='ipaconfigstring', label=_('Password plugin features'), doc=_('Extra hashes to generate in password plug-in'), - values=(u'AllowLMhash', u'AllowNThash'), + values=(u'AllowLMhash', u'AllowNThash', + u'KDC:Disable Last Success', u'KDC:Disable Lockout'), csv=True, ), Str('ipaselinuxusermaporder', |