The account lockout feature of krb5 1.8 came at a cost in database
accesses for principals requiring preauth, even if lockout is not
used.  Add dbmodules variables disable_last_success and
disable_lockout for the DB2 and LDAP back ends, allowing the admin to
recover the lost performance at the cost of new functionality.

(Unrelated documentation fix: document database_name as a DB2-specific
dbmodules variable instead of the realm variable it used to be.)


https://github.com/krb5/krb5/commit/6eacb6d5f29da306ea605a5efb00c0d01c3182b1
Commit By: ghudson
Revision: 24003
Changed Files:
U   trunk/doc/admin.texinfo
U   trunk/src/include/k5-int.h
U   trunk/src/plugins/kdb/db2/kdb_db2.c
U   trunk/src/plugins/kdb/db2/kdb_db2.h
U   trunk/src/plugins/kdb/db2/lockout.c
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/lockout.c