[Freeipa-devel] Kerberos lockout policy
Simo Sorce
ssorce at redhat.com
Fri Aug 27 18:07:52 UTC 2010
On Fri, 27 Aug 2010 09:41:57 -0400
Rob Crittenden <rcritten at redhat.com> wrote:
> We had talked about this at one point, perhaps in irc, and there was
> some reluctance to do this since every time a user logs in a number
> of attributes can get updated. The concern was the additional load
> added by replication. The suggested fix was to simply not replicate
> these.
Rob, we do not want to replicate counters or timestamps, but we
certainly want to replicate an account lock. It should happen rarely
enough to reach that stage that we can replicate nsAccountLock easily.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list