[Freeipa-devel] Implement audit_as kdb layer function

Simo Sorce simo at redhat.com
Tue Feb 14 13:58:11 UTC 2012


Without this function the audit counters (krbLastFailedAuth,
krbLastSuccessfulAuth, krbLoginFailedCount) are not updated, causing a
regression.

This function updates the counters unconditionally upon
successful/failed authentication (only if pre-auth is used, which is the
default in FreeIPA).

A side effect of how this is implemented is that no other attributes are
updated when this happens, so that replication is not kicked (because we
filter audit counters from replication to avoid replication storms). In
2.1.x, updating these counters also ended up updating krbExtraData, and
that caused replication to kick in.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-simo-478-1-ipa-kdb-add-AS-auditing-support.patch
Type: text/x-patch
Size: 17738 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120214/7da46596/attachment.bin>

