krb5-kdc: Cannot change passwords if password history is used

Nico Williams nico at cryptonector.com
Wed Mar 7 11:13:16 EST 2012


On Wed, Mar 7, 2012 at 2:24 AM, Christopher Odenbach
<odenbach at uni-paderborn.de> wrote:
>> We're also reconsidering whether failure to decrypt a history
>> entry should continue to be fatal to the password change operation,
>> or if the history entry should just be ignored (which could wrongly
>> permit the use of historical passwords).
>
> Well, if a password cannot be decrypted because the needed key is not
> there anymore there is no point in letting the password change fail.
> Provided of course that every history key is tried.

But there's no integrity protection for most of the KDB, so there's no
way to know if the problem is corruption.  That said, I agree with
you: removing the required key == removing that part of the password
history keyed with that key.

Nico
--
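To make the trade-off discussed in this thread concrete, the following is an added example (my own illustration, not krb5 code and not anything posted by either participant). It models a password history as entries wrapped under numbered history keys (the kvno), a history check that tries each entry's key version, and the two policies under discussion: fail the change when an entry's key is missing (the reported behaviour), or skip that entry. It also shows Nico's caveat: without integrity protection on the stored entry, a corrupted entry is indistinguishable from a legitimate non-match, whereas an entry carrying an authentication tag makes the corruption visible. The string-to-key function, the XOR-keystream wrapping, the salt, the key versions and the passwords are all constructed assumptions for the demo, not the real KDB format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Toy model only: the string-to-key, history-key wrapping and entry layout
# below are constructed for illustration and are not krb5's own code.


def derive_key(password: str, salt: bytes) -> bytes:
    """Stand-in for string-to-key (assumption): password -> long-term key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; provides no integrity by itself."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


@dataclass
class HistoryEntry:
    kvno: int               # version of the history key this entry was wrapped with
    nonce: bytes
    ciphertext: bytes       # old long-term key XOR keystream
    tag: Optional[bytes]    # HMAC over nonce+ciphertext, or None when unprotected


def wrap_key(old_key: bytes, history_keys: Dict[int, bytes], kvno: int,
             protect: bool) -> HistoryEntry:
    hk = history_keys[kvno]
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(old_key, keystream(hk, nonce, len(old_key))))
    tag = hmac.new(hk, nonce + ct, "sha256").digest() if protect else None
    return HistoryEntry(kvno, nonce, ct, tag)


def unwrap_key(entry: HistoryEntry,
               history_keys: Dict[int, bytes]) -> Tuple[str, Optional[bytes]]:
    """Returns ('ok', key), ('no_key', None) or ('corrupt', None)."""
    hk = history_keys.get(entry.kvno)
    if hk is None:
        return "no_key", None          # the key this entry needs is gone
    if entry.tag is not None:
        expect = hmac.new(hk, entry.nonce + entry.ciphertext, "sha256").digest()
        if not hmac.compare_digest(entry.tag, expect):
            return "corrupt", None     # only detectable when a tag is stored
    ks = keystream(hk, entry.nonce, len(entry.ciphertext))
    return "ok", bytes(a ^ b for a, b in zip(entry.ciphertext, ks))


def password_is_reused(candidate: str, salt: bytes, history: List[HistoryEntry],
                       history_keys: Dict[int, bytes],
                       ignore_missing_key: bool) -> Tuple[bool, int]:
    """Check a candidate password against history; returns (reused, skipped).

    ignore_missing_key=False: one undecryptable entry fails the whole change
    (the behaviour in the bug report).  True: skip that entry, accepting that
    an unprotected entry that was merely corrupted is skipped the same way.
    """
    cand = derive_key(candidate, salt)
    skipped = 0
    for e in history:
        status, old = unwrap_key(e, history_keys)
        if status == "no_key":
            if not ignore_missing_key:
                raise LookupError(f"history key kvno {e.kvno} not found")
            skipped += 1
            continue
        if status == "corrupt":
            raise ValueError(f"history entry under kvno {e.kvno} fails integrity check")
        if hmac.compare_digest(old, cand):
            return True, skipped
    return False, skipped


def demo(protect: bool) -> Dict[str, str]:
    """Walk the cases for one principal with two old passwords (constructed data)."""
    salt = b"EXAMPLE.COMalice"                   # constructed salt
    keys = {1: b"\x01" * 32, 2: b"\x02" * 32}    # constructed history key versions
    hist = [wrap_key(derive_key("hunter2", salt), keys, 1, protect),
            wrap_key(derive_key("correct horse", salt), keys, 2, protect)]
    out: Dict[str, str] = {}
    # Control: intact history, all keys present, an old password is rejected.
    reused, _ = password_is_reused("correct horse", salt, hist, keys, False)
    out["intact_reuse"] = f"reused={reused}"
    # Case 1: kvno 1 of the history key has been removed from the KDB.
    keys_minus_1 = {2: keys[2]}
    try:
        password_is_reused("new-pw-2012", salt, hist, keys_minus_1, False)
        out["strict_after_key_removal"] = "change allowed"
    except LookupError:
        out["strict_after_key_removal"] = "change fails"
    reused, skipped = password_is_reused("hunter2", salt, hist, keys_minus_1, True)
    out["lenient_reuse_of_entry_with_missing_key"] = f"reused={reused} skipped={skipped}"
    # Case 2: one ciphertext byte of an entry is flipped on disk.
    bad = HistoryEntry(hist[1].kvno, hist[1].nonce,
                       bytes([hist[1].ciphertext[0] ^ 0x80]) + hist[1].ciphertext[1:],
                       hist[1].tag)
    try:
        reused, _ = password_is_reused("correct horse", salt, [hist[0], bad], keys, True)
        out["corrupt_entry"] = f"reused={reused}"
    except ValueError:
        out["corrupt_entry"] = "integrity failure detected"
    return out


if __name__ == "__main__":
    for protect in (False, True):
        print("protected" if protect else "unprotected", demo(protect))
```

With unprotected entries, the corrupted case reports reused=False with no error, so a historical password sails through exactly as if it had never been used; only the tagged variant turns the same corruption into a hard failure. That is the distinction Nico draws: skipping an entry whose key is gone is a deliberate policy, but the same code path also swallows corruption unless the entry carries its own integrity check.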