On Пан, 12 лют 2024, Charles Hedrick via FreeIPA-users wrote:
Currently our department uses passwords in IPA, with a few users using OTP. I'm considering using a University radius server for most users. Are there reliability implications? My concern is what happens if the radius server is slow to respond or even is down. I'd like users with accounts in IPA to still work, and I'd hope things would survive conditions of slow response.
There is one potential issue that we fixed recently in MIT Kerberos: https://github.com/krb5/krb5/pull/1318
It is not yet part of any release. If you have RHEL subscription, making it known to RHEL support organization might help to get this fix out faster.