When using gssproxy we need to enable syncing back ccaches. This allows the framework to receive back and store (in encrypted form) the ldap/ ticket acquire to talk to the directory server. Without this option each connection to the ldap server will cause a new rountrip to the KDC to acquire a new ldap/ ticket. This will increase the load on both the KDC and DS (to search the principal keys) as well as slow down each operation for the framework.
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.5.1
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1432903
master:
Metadata Update from @mbabinsk: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-5:
Log in to comment on this ticket.