[krbdev.mit.edu #7099] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Apr 23 21:05:43 EDT 2012
Try all history keys to decrypt password history
A database created prior to 1.3 will have multiple password history
keys, and kadmin prior to 1.8 won't necessarily choose the first one.
So if there are multiple keys, we have to try them all. If none of
the keys can decrypt a password history entry, don't fail the password
change operation; it's not worth it without positive evidence of
password reuse.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25819
Commit By: ghudson
Revision: 25819
Changed Files:
U trunk/src/lib/kadm5/server_internal.h
U trunk/src/lib/kadm5/srv/server_kdb.c
U trunk/src/lib/kadm5/srv/svr_principal.c
U trunk/src/tests/Makefile.in
A trunk/src/tests/hist.c
A trunk/src/tests/t_pwhist.py
More information about the krb5-bugs
mailing list