On ti, 10 joulu 2019, Master Blaster via FreeIPA-users wrote:
Thanks for the response, François.
I'm somewhat surprised there isn't a way to determine both host and
user activity already.
For hosts, doesn't the Kerberos ticket have to be renewed on a regular
basis? Couldn't that timestamp be used?
Yes. You still need to collect that
information somehow. We do not
update the time stamp right now at all by default because of a
replication storm concerns. Once DSU feature is implemented, a coarse
time stamp will updated for each principal.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland