URL: https://github.com/freeipa/freeipa/pull/641 Author: MartinBasti Title: #641: Set "KDC:Disable Last Success" by default Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/641/head:pr641 git checkout pr641
From 47aac32b3c5c8ee258270f95ec34b9e36d6e561d Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Wed, 22 Mar 2017 17:47:04 +0100 Subject: [PATCH] Set "KDC:Disable Last Success" by default In big deployments enabled recording of the last sucesfull login this creates a huge changelog on DS side and cause performance issues even if this is excluded from replication. Actually this is not used directly by FreeIPA so it is safe to remove in new installations. User who need this must manually remove "KDC:Disable Last Success" using `ipa config-mod` command or WebUI. https://pagure.io/freeipa/issue/5313 --- install/share/bootstrap-template.ldif | 1 + 1 file changed, 1 insertion(+) diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index da12ddf..ea1e5b2 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -410,6 +410,7 @@ ipaUserObjectClasses: ipasshuser ipaDefaultEmailDomain: $DOMAIN ipaMigrationEnabled: FALSE ipaConfigString: AllowNThash +ipaConfigString: KDC:Disable Last Success ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
