Bug 2229134 - RFE: check for krbLastSuccessfulAuth being enabled
Summary: RFE: check for krbLastSuccessfulAuth being enabled
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: ipa-healthcheck
Version: 9.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-04 10:00 UTC by François Cami
Modified: 2023-08-04 13:33 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FREEIPA-10222 0 None None None 2023-08-04 10:03:15 UTC
Red Hat Issue Tracker RHELPLAN-164529 0 None None None 2023-08-04 10:03:20 UTC

Description François Cami 2023-08-04 10:00:59 UTC
Description of problem:

We're still seeing cases where krbLastSuccessfulAuth is causing performance issues.

I'll quote the upstream issue:
https://pagure.io/freeipa/issue/5313
"Even if this attribute is skipped in fractional replication, all the changes
are sent to changelog and replication has to browse them to decide whether to
skip or not."

Would it be possible to check for this?


Version-Release number of selected component (if applicable):

Current git main, considering:
$ grep -nr krbLastSuccessfulAuth .
$ git log | head -n1
commit 11c77a199304fba4f430e9386593477f37652f23

Comment 2 Rob Crittenden 2023-08-04 13:07:34 UTC
In other words you're asking for a check to display a WARNING if "KDC:Disable Last Success" is not in the ipaConfigString attribute?

Comment 3 François Cami 2023-08-04 13:33:29 UTC
Hi Rob, yes, exactly that, please.


Note You need to log in before you can comment on or make changes to this bug.