Skip Menu |
 

From: ghudson@mit.edu
Subject: SVN Commit

When we check for password reuse, only compare keys with the most
recent kvno against history entries, or else we will always fail with
-keepold.

This bug primarily affects rollover of cross-realm TGT principals,
which typically use password-derived keys and may have an associated
password policy such as "default".

Bug report and candidate fix (taken with a slight modification) by
Nicolas Williams.

https://github.com/krb5/krb5/commit/f3501eef27faa50470d2138e2c060a8ff77cf1a6
Commit By: ghudson
Revision: 25801
Changed Files:
U trunk/src/lib/kadm5/srv/svr_principal.c