kadmind: password history interaction with keepold
ghudson at MIT.EDU
Fri Aug 15 09:52:49 EDT 2014
On 07/23/2014 08:37 AM, Tomas Kuthan wrote:
> I have ran into a corner case and I am not really sure if the behavior
> in the back-end agnostic code is correct with respect to use of -keepold
> option with principals with password history.
> In my opinion, with -keepold, old keys are retained in password history
> for too long.
Sorry, I missed this message somehow. I agree completely; only the most
recent kvno should be stored in the history record.
More information about the krbdev