diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-05-10 22:42:04 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-05-10 22:42:04 +0000 |
commit | 6eacb6d5f29da306ea605a5efb00c0d01c3182b1 (patch) | |
tree | 8b37e7da4e702e962560823515da5a744c5edf7c /src/plugins/kdb/db2/kdb_db2.c | |
parent | f795c92a96a2a559fe01fc5906d488167ab6b4b9 (diff) | |
download | krb5-6eacb6d5f29da306ea605a5efb00c0d01c3182b1.zip krb5-6eacb6d5f29da306ea605a5efb00c0d01c3182b1.tar.gz krb5-6eacb6d5f29da306ea605a5efb00c0d01c3182b1.tar.bz2 |
Add lockout-related performance tuning variables
The account lockout feature of krb5 1.8 came at a cost in database
accesses for principals requiring preauth, even if lockout is not
used. Add dbmodules variables disable_last_success and
disable_lockout for the DB2 and LDAP back ends, allowing the admin to
recover the lost performance at the cost of new functionality.
(Unrelated documentation fix: document database_name as a DB2-specific
dbmodules variable instead of the realm variable it used to be.)
ticket: 6719
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/kdb/db2/kdb_db2.c')
-rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index 713ed7a..9c73c12 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -204,6 +204,7 @@ configure_context(krb5_context context, char *conf_section, char **db_args) krb5_db2_context *db_ctx; char **t_ptr, *opt = NULL, *val = NULL, *pval = NULL; profile_t profile = KRB5_DB_GET_PROFILE(context); + int bval; status = k5db2_init_context(context); if (status != 0) @@ -252,6 +253,18 @@ configure_context(krb5_context context, char *conf_section, char **db_args) db_ctx->db_name = strdup(pval); } + status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section, + KRB5_CONF_DISABLE_LAST_SUCCESS, FALSE, &bval); + if (status != 0) + goto cleanup; + db_ctx->disable_last_success = bval; + + status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section, + KRB5_CONF_DISABLE_LOCKOUT, FALSE, &bval); + if (status != 0) + goto cleanup; + db_ctx->disable_lockout = bval; + cleanup: free(opt); free(val); |