Story
Resolution: Won't Do
rhel-8.8.0
rhel-sst-idm-ds
ssg_idm
Description of problem:
Hello team,
Our customer, who has a high-security environment, has to enable tracking of successful authentication despite the performance impact it induces (cf. the doc: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/managing_idm_users_groups_hosts_and_access_control_rules/index#enabling-the-tracking-of-last-successful-kerberos-authentication-for-users-in-idm_managing-user-passwords-in-idm ).
To limit the high impact that is currently happening on their replication, they would like to be able to enable tracking of authentication success, but only for one kind of object (that is, cn). The only thing they want to track is users (cn=users,cn=accounts).
Steps to Reproduce:
#> ipa config-mod --ipaconfigstring='AllowNThash'
#> ipactl restart
Actual results:
In the audit file there is a success auth entry for every object that is able to connect (computers, users).
Expected results:
With an additional setting, the audit file will contain only the objects I need to track (for auth success).
Thank you for your help.