[krbdev.mit.edu #7099] Decrypting history key entries can fail after 1.8 upgrade
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Mar 6 13:45:04 EST 2012
If a KDB is created with krb5 1.2 or earlier, kadmin/history will be
created with all supported enctypes. (In krb5 1.3 and later,
kadmin/history is created with only one key entry, for the master key
enctype.)

In krb5 1.7 and earlier, the kadmin/history key is selected by looking
for a key of the master key enctype. In krb5 1.8, the key is selected
by using the first key data entry.

So if a KDB is created with <=1.2, and has password history entries
created with <=1.7, check_pw_reuse() in >=1.8 could try to decrypt those
entries with a different key. Decryption will fail, causing the
password change operation to fail.

To make sure we properly use history entries in the presence of multiple
kadmin/history keys, we need to try all keys when decrypting.

We should also consider whether failure to decrypt a history entry
should be fatal for the password change operation, or if the history
entry should just be ignored (possibly allowing a historical user
password to be reused when it shouldn't be allowed, although there are
other cases where that can happen).
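The following is an added illustration of the two points above (trying every kadmin/history key when decrypting, and the fatal-versus-ignore policy for undecryptable entries); it is not code from the ticket or from the krb5 tree. It models the scenario with a toy HMAC-based cipher rather than a real Kerberos enctype, stand-in key data derived from a password, and constructed key entries whose first key is not of the master key enctype, as with a KDB created by <=1.2 and history written by <=1.7. All names (`KeyEntry`, `toy_encrypt`, `decrypt_with_first_key`, `decrypt_with_any_key`, `check_pw_reuse`, the sample keys and enctype list) are assumptions for this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


class DecryptError(Exception):
    """Raised when a history entry cannot be decrypted with a given key."""


@dataclass(frozen=True)
class KeyEntry:
    enctype: str  # enctype name; the values below are sample data
    key: bytes


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 counter-mode keystream for the toy cipher (not a krb5 enctype)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first so a wrong key fails cleanly rather than yielding garbage."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise DecryptError("integrity check failed: wrong history key?")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def password_to_keydata(password: str) -> bytes:
    """Stand-in for the key data kadmind stores for a historical password."""
    return hashlib.sha256(password.encode()).digest()


def decrypt_with_first_key(history_keys, entry):
    """Behaviour the ticket describes for 1.8: only the first key entry is used."""
    return toy_decrypt(history_keys[0].key, entry)


def decrypt_with_any_key(history_keys, entry):
    """Proposed behaviour: try every kadmin/history key; return (enctype, plaintext)."""
    for k in history_keys:
        try:
            return k.enctype, toy_decrypt(k.key, entry)
        except DecryptError:
            continue
    raise DecryptError("no kadmin/history key decrypts this entry")


def can_decrypt(decrypt_fn, history_keys, entry) -> bool:
    """True if decrypt_fn succeeds on the entry with the given key list."""
    try:
        decrypt_fn(history_keys, entry)
        return True
    except DecryptError:
        return False


def check_pw_reuse(history_keys, history_entries, new_password, ignore_undecryptable=False):
    """Return True if new_password matches a historical entry.

    An entry no key can decrypt either aborts the check (fatal, the
    conservative default) or is skipped when ignore_undecryptable is set,
    accepting that a historical password might then be reused.
    """
    candidate = password_to_keydata(new_password)
    for entry in history_entries:
        try:
            _, old = decrypt_with_any_key(history_keys, entry)
        except DecryptError:
            if ignore_undecryptable:
                continue
            raise
        if hmac.compare_digest(old, candidate):
            return True
    return False


# Constructed sample state: kadmin/history has several keys, and the history
# entry was written under the master-key-enctype key, which is not first.
MASTER_ENCTYPE = "aes256-cts-hmac-sha1-96"
HISTORY_KEYS = [
    KeyEntry("des-cbc-crc", b"\x01" * 8),
    KeyEntry("des3-cbc-sha1", b"\x02" * 24),
    KeyEntry(MASTER_ENCTYPE, b"\x03" * 32),
]
MASTER_KEY = next(k for k in HISTORY_KEYS if k.enctype == MASTER_ENCTYPE)
OLD_PASSWORD = "old-password-1"
HISTORY_ENTRIES = [toy_encrypt(MASTER_KEY.key, password_to_keydata(OLD_PASSWORD))]
```

With this sample state `decrypt_with_first_key` fails on the entry while `decrypt_with_any_key` recovers it under the master key enctype, so a reuse check over all keys still catches `OLD_PASSWORD`; an entry encrypted under a key that is no longer present is either fatal or silently skipped, depending on `ignore_undecryptable`.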