Bug 1166641 – ipa-otp-lasttoken loads all user's tokens on every mod/del

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1166641 - ipa-otp-lasttoken loads all user's tokens on every mod/del

Summary:	ipa-otp-lasttoken loads all user's tokens on every mod/del

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	7.0
Hardware:	Unspecified Unspecified

Priority	medium Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	IPA Maintainers
QA Contact:	Namita Soman
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2014-11-21 06:47 EST by Martin Kosek
Modified:	2015-03-05 05:15 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	ipa-4.1.0-11.el7
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-03-05 05:15:40 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0442	normal	SHIPPED_LIVE	Moderate: ipa security, bug fix, and enhancement update	2015-03-05 09:50:39 EST

Groups: None (edit)

Description Martin Kosek 2014-11-21 06:47:53 EST

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4719

This is a huge performance hit. Effort should be taken to ensure this only occurs when the target is a token.

Comment 2 Martin Kosek 2014-12-03 02:52:17 EST

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/bdccb0c721283f17a48423ab562ab5515ecd7f8e
https://fedorahosted.org/freeipa/changeset/953c6846b7cb8d75253538ab92a1360fceee0c3c
https://fedorahosted.org/freeipa/changeset/08f8acd88c1858000f5a15c3838e1bfd78551c55
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/b4e85d02812041acb7a3071070b577adaecfe5c8
https://fedorahosted.org/freeipa/changeset/faa4d72a2f94a2da24b438f7de92e457229cc251
https://fedorahosted.org/freeipa/changeset/a0421d80823a35ab4145d4887cd8175048e8210c

Comment 5 Namita Soman 2015-01-28 19:54:09 EST

Checked with Nathaniel on how to verify this. But there is no reproducer. No symptons were seen, but this bz addresses the concern to scale to a large deployment.
Marking as Verified Sanity Only

Comment 7 errata-xmlrpc 2015-03-05 05:15:40 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html

Note You need to log in before you can comment on or make changes to this bug.