projects / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8230c4b) | patch
Try all history keys to decrypt password history
authorGreg Hudson <ghudson@mit.edu>
Tue, 24 Apr 2012 01:05:41 +0000 (01:05 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 24 Apr 2012 01:05:41 +0000 (01:05 +0000)
commit2782e80a12bccd920fa71e23166ac97c4470a637
tree2c2e4c0f03fdbb9144043494b65b4f404d99fdfdtree | snapshot
parent8230c4b7b7323cdef2a6c877deb710a15380f40fcommit | diff
Try all history keys to decrypt password history

A database created prior to 1.3 will have multiple password history
keys, and kadmin prior to 1.8 won't necessarily choose the first one.
So if there are multiple keys, we have to try them all.  If none of
the keys can decrypt a password history entry, don't fail the password
change operation; it's not worth it without positive evidence of
password reuse.

ticket: 7099

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25819 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/kadm5/server_internal.h diff | blob | history
src/lib/kadm5/srv/server_kdb.c diff | blob | history
src/lib/kadm5/srv/svr_principal.c diff | blob | history
src/tests/Makefile.in diff | blob | history
src/tests/hist.c [new file with mode: 0644] blob
src/tests/t_pwhist.py [new file with mode: 0644] blob
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.