Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) Subject: Only store latest keys in key history entry X-RT-Original-Encoding: iso-8859-1 Content-Length: 257 If cpw -keepold is used, the old keys will end up in a password history entry when the password is changed again. This causes the passwords to cycle out longer than they should. Reported here: http://mailman.mit.edu/pipermail/krbdev/2014-July/012084.html