kadm5_rename_principal salt question

Ken Hornstein kenh at cmf.nrl.navy.mil
Tue Sep 25 13:12:15 EDT 2007

>      I can live with a little noise from these principals
>      until they change their passwords -- it'll be a vast
>      improvement from every single princ doing it.

What sticks in my head is that you'll have to decide what to do about
password history since you won't be able to check old keys across a rename
(unless you remember what the old salt was).  The simplest thing to do
would probably be to delete the complete password history.


More information about the krbdev mailing list