Set "KDC:Disable Last Success" by default

In big deployments enabled recording of the last sucesfull login
this creates a huge changelog on DS side and cause performance
issues even if this is excluded from replication.

Actually this is not used directly by FreeIPA so it is safe to remove
in new installations. User who need this must manually remove
"KDC:Disable Last Success" using `ipa config-mod` command or WebUI.

https://pagure.io/freeipa/issue/5313

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
This commit is contained in:
Martin Basti 2017-03-22 17:47:04 +01:00 committed by Pavel Vomacka
parent ab6d7ac50a
commit eeaf428b1b

View File

@ -410,6 +410,7 @@ ipaUserObjectClasses: ipasshuser
ipaDefaultEmailDomain: $DOMAIN ipaDefaultEmailDomain: $DOMAIN
ipaMigrationEnabled: FALSE ipaMigrationEnabled: FALSE
ipaConfigString: AllowNThash ipaConfigString: AllowNThash
ipaConfigString: KDC:Disable Last Success
ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023 ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0.c1023$$unconfined_u:s0-s0:c0.c1023
ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023 ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023