Skip Menu |
 

Subject: Only store latest keys in key history entry
If cpw -keepold is used, the old keys will end up in a password history
entry when the password is changed again. This causes the passwords to
cycle out longer than they should. Reported here:

http://mailman.mit.edu/pipermail/krbdev/2014-July/012084.html
From: ghudson@mit.edu
Subject: git commit

Only store latest keys in key history entry

If a password is changed with the -keepold option, then changed again,
the history entry contains both the latest password and the one that
was kept. Fix create_history_entry to only store the latest kvno in
the history entry. Also add a test to ensure that the bug is fixed.

https://github.com/krb5/krb5/commit/d7f91ac2f6655e77bb3658c2c8cc6132f958a340
Author: Sarah Day <sarahday@mit.edu>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: d7f91ac2f6655e77bb3658c2c8cc6132f958a340
Branch: master
src/lib/kadm5/srv/svr_principal.c | 86 +++++++++++++++++++++++++------------
src/tests/t_kdb.py | 7 +++
2 files changed, 65 insertions(+), 28 deletions(-)