The history key
Tom Yu
tlyu at mit.edu
Wed Jan 13 18:51:59 EST 2010
ghudson at MIT.EDU writes:
> 2. For 1.8, we will make sure it is possible to change the history key
> (with cpw -randkey) and still have password changes work, although old
> password history will effectively be lost if you do this. (This just
> means ignoring integrity error codes from krb5_dbekd_decrypt_key_data
> in check_pw_reuse, I think.)
Does anyone who is currently using the password policy support,
especially for regulatory or similar reasons, think it is a problem
for existing password history to be lost during such a migration
scenario?
More information about the krbdev
mailing list