Description
useKeyTab=true
keyTab="/etc/iris/keytab"
storeKey=true
useTicketCache=true
Incorrect JAAS config.
There are conflicting params.
JAAS (Krb5LoginModule) uses its own crypto mechanism, which is not compatible with MIT. So for thousands of threads it will be an infinite DoS attack.
useTicketCache is a special bridge for Active Directory that helps to read the TGT only. I have no idea why the JDK library doesn't support TGS.
However, the MIT credential cache is standard for both ticket types.
Red Hat discussed this issue many times. Java JAAS doesn't support MIT and never will.
The only way is to use the classic Java GSSAPI module compatible with MIT, known as the GSSAPI native bridge. Read the official Oracle doc to understand how it works for a specific KDC like Active Directory LSA or Red Hat KEYRING storage.
Your current configuration is fit for a user's simple one-time request but not for robotized high-load jobs.
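
The native GSS-API bridge mentioned in the issue, as an added example that is not part of the original issue or the project's code: a minimal initiator that lets the system GSS library (and whatever credential cache `KRB5CCNAME` points at) supply the credentials instead of a JAAS `Krb5LoginModule` entry. The class name and the target `HTTP@service.example.com` are hypothetical, and a valid TGT in the cache is assumed.

```java
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// Run with the native bridge enabled on the command line, so the properties
// are in place before any GSS class is loaded:
//   java -Dsun.security.jgss.native=true \
//        -Djavax.security.auth.useSubjectCredsOnly=false \
//        NativeGssClient HTTP@service.example.com
// Optionally add -Dsun.security.jgss.lib=<path to the system GSS library>.
public class NativeGssClient {
    public static void main(String[] args) {
        // Fail fast if the JVM would fall back to the pure-Java Kerberos code.
        if (!Boolean.getBoolean("sun.security.jgss.native")) {
            System.err.println("sun.security.jgss.native is not set to true");
            System.exit(2);
        }
        // Hypothetical host-based service name (service@host form).
        String target = args.length > 0 ? args[0] : "HTTP@service.example.com";
        try {
            GSSManager manager = GSSManager.getInstance();
            Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism
            GSSName server = manager.createName(target, GSSName.NT_HOSTBASED_SERVICE);
            // null credential: use the default initiator credentials, which the
            // native library reads from its own credential cache.
            GSSContext ctx = manager.createContext(
                    server, krb5, null, GSSContext.DEFAULT_LIFETIME);
            ctx.requestMutualAuth(true);
            // First leg of the exchange: the token to send to the service.
            byte[] token = ctx.initSecContext(new byte[0], 0, 0);
            System.out.println("initial token: " + token.length + " bytes");
            ctx.dispose();
        } catch (GSSException e) {
            // Typical causes: no TGT in the cache, or an unknown service principal.
            System.err.println("GSS failure: " + e.getMessage());
            System.exit(1);
        }
    }
}
```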