From: | ghudson@mit.edu |
Subject: | SVN Commit |
Add minimal support for re-randomizing the history key:
* cpw -randkey kadmin/history now works, but creates only one key.
* cpw -randkey -keepold kadmin/history still fails.
* libkadm5 no longer caches the history key. Performance impact
is minimal since password changes are not common.
* randkey no longer checks the newly randomized key against old keys,
and the disabled code to do so in setkey/setv4key is gone, so now
only kadm5_chpass_principal_3 accesses the password history.
https://github.com/krb5/krb5/commit/fe68c6595b7f90ec6891b4dbb0b227ee859090e5
Commit By: ghudson
Revision: 23716
Changed Files:
U trunk/doc/admin.texinfo
U trunk/src/lib/kadm5/server_internal.h
U trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports
U trunk/src/lib/kadm5/srv/server_kdb.c
U trunk/src/lib/kadm5/srv/svr_principal.c
U trunk/src/lib/kadm5/unit-test/api.current/randkey-principal.exp