Skip Menu |

Subject: password history should use master key
Date: Wed, 23 Oct 2002 13:48:53 -0400 (EDT)
From: hartmans@MIT.EDU (Sam Hartman)

Having kadmin/history be used to store password history seems silly.
Why not use k/m like we do for everything else.
Nico also notes that it would be more efficient and more reliable to use a
single, well-defined transformation of the password (maybe s2k in the
master key's enctype?) instead of storing key sets. That way, password
history would continue to work in the face of changes in the key enctype.

I'm noting this here because migrating to using the master key would be a
good opportunity to also change what key transformations are stored.
A user asked if the KDC could check preauth attempts against old keys
and avoid incrementing the failed authentication counter if they match:

I mention that here because (1) this issue would save the KDC from
having to keep around the history key in order to do this, and (2) we
would have to keep around the old keys, not a specific transform of the
old password, in order to do this.