Due to potentially unknown replication system-wide race conditions, it may be possible for an HOTP counter or TOTP watermark to go backwards. While we should work to prevent these race conditions, as a defensive mechanism, we should prevent replication from moving the counter or watermark backwards.
Discussed on triage meeting with Nathaniel and Ludwig, it should be doable, we would just need to write the replication conflict resolution plugin. We will try to complete in 4.1 time frame.
I opened a newer bug. Sorry closing the older one as a dup of a newer one #4494.
Metadata Update from @npmccallum: - Issue assigned to npmccallum - Issue set to the milestone: FreeIPA 4.1
Login to comment on this ticket.