diff options
author | Simo Sorce <ssorce@redhat.com> | 2012-05-23 12:35:44 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-06-06 22:11:41 -0400 |
commit | 97e362681ff9c81d76b6b015467309f90e301bce (patch) | |
tree | 5ce75dd46459a68604fb13482e17042310ae5379 /ipalib | |
parent | 0b33b9fb3791545ab952b46c7443482a52fe6a6c (diff) | |
download | freeipa.git-97e362681ff9c81d76b6b015467309f90e301bce.tar.gz freeipa.git-97e362681ff9c81d76b6b015467309f90e301bce.tar.xz freeipa.git-97e362681ff9c81d76b6b015467309f90e301bce.zip |
Add support for disabling KDC writes
Add two global ipaConfig options to disable undesirable writes that have
performance impact.
The "KDC:Disable Last Success" will disable writing back to ldap the last
successful AS Request time (successful kinit)
The "KDC:Disable Lockout" will disable completely writing back lockout
related data. This means lockout policies will stop working.
https://fedorahosted.org/freeipa/ticket/2734
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/config.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py index df960f4c..aa929537 100644 --- a/ipalib/plugins/config.py +++ b/ipalib/plugins/config.py @@ -177,7 +177,8 @@ class config(LDAPObject): cli_name='ipaconfigstring', label=_('Password plugin features'), doc=_('Extra hashes to generate in password plug-in'), - values=(u'AllowLMhash', u'AllowNThash'), + values=(u'AllowLMhash', u'AllowNThash', + u'KDC:Disable Last Success', u'KDC:Disable Lockout'), csv=True, ), Str('ipaselinuxusermaporder', |