kadm5_rename_principal salt question

[Ken Hornstein]

>      I can live with a little noise from these principals
>      until they change their passwords -- it'll be a vast
>      improvement from every single princ doing it.

What sticks in my head is that you'll have to decide what to do about
password history since you won't be able to check old keys across a rename
(unless you remember what the old salt was).  The simplest thing to do
would probably be to delete the complete password history.

--Ken