From bjaspan@MIT.EDU Mon Mar 17 12:28:35 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA02303 for <bugs@RT-11.MIT.EDU>; Mon, 17 Mar 1997 12:28:34 -0500
Received: from BEEBLEBROX.MIT.EDU by MIT.EDU with SMTP
id AA12880; Mon, 17 Mar 97 12:28:27 EST
Received: by beeblebrox.MIT.EDU (940816.SGI.8.6.9/4.7) id RAA09448; Mon, 17 Mar 1997 17:28:34 GMT
Message-Id: <199703171728.RAA09448@beeblebrox.MIT.EDU>
Date: Mon, 17 Mar 1997 17:28:34 GMT
From: bjaspan@MIT.EDU
Reply-To: bjaspan@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: kadm5_randkey_principal does not store old key in history
X-Send-Pr-Version: 3.99
System: IRIX beeblebrox 5.3 02091401 IP22 mips
The current implementation of kadm5_randkey_principal does not store
the current key in the key history before replacing it with a new
random key. This means that a principal can randomize its password
and then re-select that password, getting around the password history.
Actually, I'm not convinced this really matters. Password history
without password minimum life is meaningless. If you have a pw
min_life, then randomizing your key really isn't practical, because
then you do not have a password to type for the duration of min_life.
So, perhaps the code should be fixed, or kadm5/api-funcspec.tex should
be updated not to say that randkey updates pw history. Not sure
which.
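A toy model of the behaviour described in this report, added here as an illustration and not taken from the krb5 source. Keys are plain strings, and `struct princ`, `chpass`, `randkey`, the history depth and the sample password are all assumptions made for the example. It shows the old password being re-selected when randkey skips the history, rejected when randkey stores the old key, and blocked in the interim when a min_life is set.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not krb5 code: keys are strings, history keeps HIST old keys. */
#define HIST 3
#define KLEN 32
struct princ {
    char cur[KLEN];          /* current key */
    char old[HIST][KLEN];    /* key history, oldest slot overwritten first */
    int  n;                  /* number of keys ever pushed to history */
    long last_change;        /* time of the last key change */
    long min_life;           /* policy: minimum seconds between password changes */
};
static void push_history(struct princ *p) {
    snprintf(p->old[p->n % HIST], KLEN, "%s", p->cur);
    p->n++;
}

/* Returns 0 on success, -1 if min_life has not elapsed, -2 on key reuse. */
int chpass(struct princ *p, const char *pw, long now) {
    if (now - p->last_change < p->min_life) return -1;
    if (strcmp(p->cur, pw) == 0) return -2;
    for (int i = 0; i < HIST && i < p->n; i++)
        if (strcmp(p->old[i], pw) == 0) return -2;
    push_history(p);
    snprintf(p->cur, KLEN, "%s", pw);
    p->last_change = now;
    return 0;
}

/* store_old = 0 models the reported behaviour, 1 the documented one. */
void randkey(struct princ *p, int store_old, long now) {
    if (store_old) push_history(p);
    snprintf(p->cur, KLEN, "random-%ld", now);   /* stand-in for a random key */
    p->last_change = now;
}

/* Randomize at t=0, then try to re-select the old password at t=wait. */
int reselect_after_randkey(int store_old, long min_life, long wait) {
    struct princ p = { .cur = "hunter2", .min_life = min_life };  /* constructed */
    randkey(&p, store_old, 0);
    return chpass(&p, "hunter2", wait);
}

int main(void) {
    printf("reported, no min_life:       %d\n", reselect_after_randkey(0, 0, 1));
    printf("old key stored, no min_life: %d\n", reselect_after_randkey(1, 0, 1));
    printf("reported, min_life 1 day:    %d\n", reselect_after_randkey(0, 86400, 1));
}
```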
From: Tom Yu <tlyu@MIT.EDU>
To: Barry Jaspan <bjaspan@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/397: kadm5_randkey_principal does not store old key in history
Date: Sun, 1 Mar 1998 21:46:44 -0500
`Tom Yu' made changes to this PR.
--- /tmp/gnatsa005GP Sun Mar 1 21:46:10 1998
+++ /tmp/gnatsb005GP Sun Mar 1 21:46:35 1998
@@ -16,7 +16,7 @@
+>Priority: low
>Number: 397
>Category: krb5-admin
>Synopsis: kadm5_randkey_principal does not store old key in history
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: bjaspan
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Mar 17 12:29:00 EST 1997
>Last-Modified: Sun Mar 01 21:47:01 EST 1998
>Originator: Barry Jaspan
>Organization:
mit
>Release: 1.0-development
>Environment:
System: IRIX beeblebrox 5.3 02091401 IP22 mips
>How-To-Repeat:
>Fix:
>Audit-Trail:
From: Tom Yu <tlyu@MIT.EDU>
To: Barry Jaspan <bjaspan@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/397: kadm5_randkey_principal does not store old key in history
Date: Sun, 1 Mar 1998 21:46:44 -0500
`Tom Yu' made changes to this PR.
--- /tmp/gnatsa005GP Sun Mar 1 21:46:10 1998
+++ /tmp/gnatsb005GP Sun Mar 1 21:46:35 1998
@@ -16,7 +16,7 @@
>Synopsis: kadm5_randkey_principal does not store old key in history
>Confidential: no
>Severity: serious
->Priority: medium>Confidential: no
>Severity: serious
+>Priority: low
>Responsible: bjaspan
>State: open
>Class: sw-bug
>State: open
>Class: sw-bug
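Review bot: The drop on the `>Priority` line from medium to low has no recorded rationale, while the unchanged context still reads `>Severity: serious` and `>State: open`. The accompanying message says only "`Tom Yu' made changes to this PR." Suggest adding a sentence to the audit trail saying why the priority was lowered (for instance, if it rests on the min_life argument in the description), or adjusting Severity so the two fields agree.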
>Unformatted: