[krbdev.mit.edu #7110] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Apr 4 17:38:59 EDT 2012
When we check for password reuse, only compare keys with the most
recent kvno against history entries, or else we will always fail with
-keepold.
This bug primarily affects rollover of cross-realm TGT principals,
which typically use password-derived keys and may have an associated
password policy such as "default".
Bug report and candidate fix (taken with a slight modification) by
Nicolas Williams.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25801
Commit By: ghudson
Revision: 25801
Changed Files:
U trunk/src/lib/kadm5/srv/svr_principal.c
More information about the krb5-bugs
mailing list