Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: Generate New Ti...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Story
Resolution: Done-Errata
Priority: Minor
Fix Version/s: rhel-9.7
Affects Version/s: rhel-9.2.0
Component/s: ipa-healthcheck
Labels:

Fixed in Build:
ipa-healthcheck-0.16-6.el9
Severity:
None
Epic Link:
IDM-1265
sprint_count:
7

AssignedTeam:
rhel-idm-ipa
Sub-System Group:

ssg_idm

Dev Target Milestone:
6
Internal Target Milestone:
8
Story Points:
2
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
2025-Q1-Bravo-S4, 2025-Q1-Bravo-S5, 2025-Q1-Bravo-S6, 2025-Q2-Bravo-S2, 2025-Q2-Alpha-S4, 2025-Q2-Alpha-S5, 2025-Q2-Alpha-S6

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/149965
Test Coverage:

Automated

Release Note Type:
Enhancement
Release Note Text:

Hide
.`Healthcheck` warns if `krbLastSuccessfulAuth` is enabled

Enabling the `krbLastSuccessfulAuth` setting in the `ipaConfigString` attribute can lead to performance issues if large numbers of users are authenticating at the same time. Therefore, it is disabled by default. With this update, `Healthcheck` displays a message if `krbLastSuccessfulAuth` is enabled, warning about the possible performance problems.

Show
.`Healthcheck` warns if `krbLastSuccessfulAuth` is enabled Enabling the `krbLastSuccessfulAuth` setting in the `ipaConfigString` attribute can lead to performance issues if large numbers of users are authenticating at the same time. Therefore, it is disabled by default. With this update, `Healthcheck` displays a message if `krbLastSuccessfulAuth` is enabled, warning about the possible performance problems.
Release Note Status:
Done

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2229134

PX Impact Score:
PX Priority Data:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None
Internal Target Milestone numeric:
57,005

Description of problem:

We're still seeing cases where krbLastSuccessfulAuth is causing performance issues.

I'll quote the upstream issue:
https://pagure.io/freeipa/issue/5313
"Even if this attribute is skipped in fractional replication, all the changes
are sent to changelog and replication has to browse them to decide whether to
skip or not."

Would it be possible to check for this?

Version-Release number of selected component (if applicable):

Current git main, considering:
$ grep -nr krbLastSuccessfulAuth .
$ git log | head -n1
commit 11c77a199304fba4f430e9386593477f37652f23

external trackers

Red Hat Customer Portal 03579402

Red Hat Issue Tracker FREEIPA-10222

Red Hat Issue Tracker RHELPLAN-164529

links to

https://github.com/freeipa/freeipa-healthcheck/issues/315

RHBA-2025:149965 ipa-healthcheck update

Assignee:: Rob Crittenden

Reporter:: François Cami

Developer:: Rob Crittenden

QA Contact:: Sudhir Menon

Doc Contact:: David Vozenilek

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2023/09/18 10:53 PM

Updated:: 2025/11/11 12:02 PM

Resolved:: 2025/11/11 12:02 PM

Dev Target end:: 2025/04/07

Target end:: 2025/04/21

Next Planned Release Date:: 2025/11/11

Release Date:: 2025/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates