The history key

Tom Yu tlyu at
Wed Jan 13 18:51:59 EST 2010

ghudson at MIT.EDU writes:

> 2. For 1.8, we will make sure it is possible to change the history key
> (with cpw -randkey) and still have password changes work, although old
> password history will effectively be lost if you do this.  (This just
> means ignoring integrity error codes from krb5_dbekd_decrypt_key_data
> in check_pw_reuse, I think.)

Does anyone who is currently using the password policy support,
especially for regulatory or similar reasons, think it is a problem
for existing password history to be lost during such a migration

More information about the krbdev mailing list