[krbdev.mit.edu #7099] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Tue May 15 18:27:12 EDT 2012
Try all history keys to decrypt password history

A database created prior to 1.3 will have multiple password history
keys, and kadmin prior to 1.8 won't necessarily choose the first one.
So if there are multiple keys, we have to try them all. If none of
the keys can decrypt a password history entry, don't fail the password
change operation; it's not worth it without positive evidence of
password reuse.

(backported from commit 2782e80a12bccd920fa71e23166ac97c4470a637)
https://github.com/krb5/krb5/commit/c7b8525b7240428beb5f73f97484056385d11db5
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: c7b8525b7240428beb5f73f97484056385d11db5
src/lib/kadm5/server_internal.h | 6 ++-
src/lib/kadm5/srv/server_kdb.c | 55 +++++++++++++-------
src/lib/kadm5/srv/svr_principal.c | 46 +++++++++---------
src/tests/Makefile.in | 6 ++-
src/tests/hist.c | 99 +++++++++++++++++++++++++++++++++++++
src/tests/t_pwhist.py | 20 +++++++
6 files changed, 186 insertions(+), 46 deletions(-)