From f602ad270d06a0dd7f53c4aa6904d27daa07d4ae Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Wed, 23 May 2012 12:35:44 -0400
Subject: Add support for disabling KDC writes

Add two global ipaConfig options to disable undesirable writes that have
performance impact.
The "KDC:Disable Last Success" will disable writing back to ldap the last
successful AS Request time (successful kinit)
The "KDC:Disable Lockout" will disable completely writing back lockout
related data. This means lockout policies will stop working.

https://fedorahosted.org/freeipa/ticket/2734
---
 ipalib/plugins/config.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'ipalib')

diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 30f26addf..c8230e23a 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -177,7 +177,8 @@ class config(LDAPObject):
             cli_name='ipaconfigstring',
             label=_('Password plugin features'),
             doc=_('Extra hashes to generate in password plug-in'),
-            values=(u'AllowLMhash', u'AllowNThash'),
+            values=(u'AllowLMhash', u'AllowNThash',
+                    u'KDC:Disable Last Success', u'KDC:Disable Lockout'),
             csv=True,
         ),
         Str('ipaselinuxusermaporder',
-- 
cgit