Subject: SVN Commit

Try all history keys to decrypt password history

A database created prior to 1.3 will have multiple password history
keys, and kadmin prior to 1.8 won't necessarily choose the first one.
So if there are multiple keys, we have to try them all. If none of
the keys can decrypt a password history entry, don't fail the password
change operation; it's not worth it without positive evidence of
password reuse.

(back ported from commit 2782e80a12bccd920fa71e23166ac97c4470a637)
Author: Greg Hudson <>
Committer: Tom Yu <>
Commit: cfea6939cb8cb7c89ed265c472ea556100a6c64d
Branch: krb5-1.9
src/lib/kadm5/server_internal.h | 6 ++-
src/lib/kadm5/srv/server_kdb.c | 55 +++++++++++++-------
src/lib/kadm5/srv/svr_principal.c | 40 +++++++-------
src/tests/ | 6 ++-
src/tests/hist.c | 99 +++++++++++++++++++++++++++++++++++++
src/tests/ | 20 +++++++
6 files changed, 183 insertions(+), 43 deletions(-)

Fix omitted variable changes from previous

Some changes of hist_keyblock to hist_keyblocks did not make it into
the previous commit due to merge conflicts.
Author: Tom Yu <>
Commit: b89d4e5b358f320ed5254143d51edfe49060455f
Branch: krb5-1.9
src/lib/kadm5/srv/svr_principal.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
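
The check described in the first commit message (try every history key on each history entry, and skip entries that no key can decrypt), as an added example that is not code from the krb5 commits. All names (`hist_entry`, `toy_encrypt`, `toy_decrypt`, `password_reused`) are hypothetical, and the one-byte XOR cipher with a marker byte is a constructed stand-in for an integrity-checked enctype.

```c
#include <stdio.h>
#include <string.h>
#define KEY_LEN 4
#define MAGIC 0xA5  /* constructed integrity marker, stands in for a checksum */

/* Hypothetical history entry: an old key encrypted under one history key. */
struct hist_entry { unsigned char ct[1 + KEY_LEN]; };

/* Toy XOR cipher with a one-byte key; not real cryptography. */
void toy_encrypt(unsigned char k, const unsigned char *pt, struct hist_entry *e)
{
    e->ct[0] = MAGIC ^ k;
    for (size_t i = 0; i < KEY_LEN; i++)
        e->ct[i + 1] = pt[i] ^ k;
}

/* Returns 0 and fills pt, or -1 when k is not the key that encrypted e. */
int toy_decrypt(unsigned char k, const struct hist_entry *e, unsigned char *pt)
{
    if ((e->ct[0] ^ k) != MAGIC)
        return -1;
    for (size_t i = 0; i < KEY_LEN; i++)
        pt[i] = e->ct[i + 1] ^ k;
    return 0;
}

/* Returns 1 only on positive evidence of reuse; undecryptable entries are skipped. */
int password_reused(const unsigned char *hkeys, size_t n_hkeys,
    const struct hist_entry *hist, size_t n_hist, const unsigned char *new_key)
{
    unsigned char pt[KEY_LEN];
    for (size_t i = 0; i < n_hist; i++) {
        for (size_t k = 0; k < n_hkeys; k++) {
            if (toy_decrypt(hkeys[k], &hist[i], pt) != 0)
                continue;               /* wrong history key, try the next */
            if (memcmp(pt, new_key, KEY_LEN) == 0)
                return 1;
            break;                      /* decrypted without a match */
        }
    }
    return 0;
}

int main(void)
{
    unsigned char hkeys[] = { 0x11, 0x22, 0x33 }, old[KEY_LEN] = { 1, 2, 3, 4 };
    struct hist_entry h;
    toy_encrypt(0x33, old, &h);         /* entry written under the third key */
    printf("first key only: %d, all keys: %d\n",
           password_reused(hkeys, 1, &h, 1, old), password_reused(hkeys, 3, &h, 1, old));
}
```

Trying only the first history key reports no reuse for an entry written under a later key, which is the case the commit addresses.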