kadmind: password history interaction with keepold
Tomas Kuthan
tomas.kuthan at oracle.com
Wed Jul 23 08:37:11 EDT 2014
Hi,
after a while I finally got back to working on password history in the
LDAP KDB back-end [1].
I have run into a corner case and I am not really sure whether the behavior
in the back-end-agnostic code is correct with respect to the use of the -keepold
option with principals that have a password history.
In my opinion, with -keepold, old keys are retained in password history
for too long.
To reproduce:
kadmin.local: addpol -history 2 pol
kadmin.local: addprinc -policy pol -pw aaaa princ (0)
Principal "princ at TKUTHAN.ORACLE.COM" created.
kadmin.local: cpw -keepold -pw bbbb princ (1)
Password for "princ at TKUTHAN.ORACLE.COM" changed.
kadmin.local: cpw -pw cccc princ (2)
Password for "princ at TKUTHAN.ORACLE.COM" changed.
kadmin.local: cpw -pw aaaa princ (3)
change_password: Cannot reuse password while changing password for
"princ at TKUTHAN.ORACLE.COM".
I would have expected the third change to succeed, because my last and
last-but-one passwords were cccc and bbbb respectively.
But in fact the contents of password history changed like this:
0) (empty)
1) aaaa
2) aaaa|aaaa,bbbb
3) aaaa,bbbb|cccc
I would find it more logical if only the keys with the highest kvno
were added to the history in each step.
Like this:
0) (empty)
1) aaaa
2) aaaa|bbbb
3) bbbb|cccc
Is the current behavior intentional? Or is it a bug?
Thanks,
Tomas
[1] https://github.com/krb5/krb5/pull/132
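The two history update rules described above, replayed in a small model as an added example (not krb5 code or part of the original post). Passwords stand in for keys, a deque of retired key sets stands in for the policy's history ring, and the Principal / run_scenario names are assumptions of this model.

```python
from collections import deque

class ReuseError(Exception):
    """Raised when the new password matches an entry in the history ring."""

class Principal:
    def __init__(self, password, history_size):
        self.keys = {1: password}                  # kvno -> password (stands in for key_data)
        self.history = deque(maxlen=history_size)  # ring of retired key sets, oldest first

    def change_password(self, new, keepold=False, highest_kvno_only=False):
        # Current behaviour: every key on the principal, including keys kept by an
        # earlier -keepold, is copied into the new history entry.
        # Proposed behaviour: only the key(s) with the highest kvno are recorded.
        if highest_kvno_only:
            entry = {self.keys[max(self.keys)]}
        else:
            entry = set(self.keys.values())
        self.history.append(entry)                 # oldest entry drops off the ring
        if any(new in retired for retired in self.history):
            raise ReuseError("Cannot reuse password")
        kvno = max(self.keys) + 1
        if not keepold:
            self.keys.clear()                      # without -keepold the old keys go away
        self.keys[kvno] = new

def run_scenario(highest_kvno_only):
    """Replay the reported kadmin steps; return (history after each step, last step rejected)."""
    p = Principal("aaaa", history_size=2)          # addprinc -policy pol, pol has -history 2
    trace, rejected = [], False
    for new, keepold in (("bbbb", True), ("cccc", False), ("aaaa", False)):
        try:
            p.change_password(new, keepold, highest_kvno_only)
            rejected = False
        except ReuseError:
            rejected = True
        trace.append([sorted(retired) for retired in p.history])
    return trace, rejected

if __name__ == "__main__":
    # Current rule reproduces the report: step 3 fails because "aaaa" is still in the ring.
    print("current :", run_scenario(highest_kvno_only=False))
    # Highest-kvno rule: the ring holds bbbb|cccc after step 3 and "aaaa" is accepted.
    print("proposed:", run_scenario(highest_kvno_only=True))
```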