kadm5_rename_principal salt question
John Hascall
john at iastate.edu
Tue Sep 25 13:31:28 EDT 2007
> > I can live with a little noise from these principals
> > until they change their passwords -- it'll be a vast
> > improvement from every single princ doing it.
> What sticks in my head is that you'll have to decide what to do about
> password history since you won't be able to check old keys across a rename
> (unless you remember what the old salt was). The simplest thing to do
> would probably be to delete the complete password history.
This is certainly an issue in the general case,
but is not an issue for us - we don't keep a
password history.
John
More information about the krbdev
mailing list