krb5-kdc: Cannot change passwords if password history is used

Greg Hudson ghudson at MIT.EDU
Wed Mar 7 12:03:36 EST 2012


On 03/07/2012 03:24 AM, Christopher Odenbach wrote:
> Are there any plans to make the master key and the history key 
> changeable without losing historic data?

Master key rollover is already possible as of 1.7.

We have a design in mind (but no timetable) for history key rollover:
we'd like to start encrypting password history entries in
the master key instead of the history key, and then leverage the same
rollover system as is used for the master key.

