kadm5_rename_principal salt question

John Hascall john at iastate.edu
Tue Sep 25 13:31:28 EDT 2007

> >      I can live with a little noise from these principals
> >      until they change their passwords -- it'll be a vast
> >      improvement from every single princ doing it.

> What sticks in my head is that you'll have to decide what to do about
> password history since you won't be able to check old keys across a rename
> (unless you remember what the old salt was).  The simplest thing to do
> would probably be to delete the complete password history.

This is certainly an issue in the general case,
but is not an issue for us - we don't keep a
password history.


More information about the krbdev mailing list