From eeaf428b1befc37489ed5ee14ae193b46cbd1db7 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 22 Mar 2017 17:47:04 +0100 Subject: [PATCH] Set "KDC:Disable Last Success" by default In big deployments enabled recording of the last sucesfull login this creates a huge changelog on DS side and cause performance issues even if this is excluded from replication. Actually this is not used directly by FreeIPA so it is safe to remove in new installations. User who need this must manually remove "KDC:Disable Last Success" using `ipa config-mod` command or WebUI. https://pagure.io/freeipa/issue/5313 Reviewed-By: Stanislav Laznicka --- install/share/bootstrap-template.ldif | 1 + 1 file changed, 1 insertion(+) diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index da12ddf0c..ea1e5b222 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -410,6 +410,7 @@ ipaUserObjectClasses: ipasshuser ipaDefaultEmailDomain: $DOMAIN ipaMigrationEnabled: FALSE ipaConfigString: AllowNThash +ipaConfigString: KDC:Disable Last Success ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023