This bug is filed to log a Known Issue for feature tracked in Bug 919228 and in upstream ticket https://fedorahosted.org/freeipa/ticket/4725.
Changes done in Bug and Ticket involved setting "udp_preference_limit" setting in /etc/krb5.conf for new IdM Client or IdM Server installations. This setting forces Kerberos to operate on TCP protocol instead of UDP protocol which does is more resilient to longer processing time on the server if OTP is used (especially if OTP authentication is redirected to external OTP server via Radius protocol).
New RHEL-7.1 IdM clients are fixed and have the value as default. However, it was decided not do update krb5.conf on RHEL-7.0 to 7.1 upgrades. Users who want to use OTP and are just upgrading existing IdM RHEL-7.0 clients are encouraged to update this configuration manually:
udp_preference_limit = 0