Fix password reuse check with cpw -keepold
author Greg Hudson <ghudson@mit.edu>
Wed, 4 Apr 2012 21:38:57 +0000 (21:38 +0000)
committer Greg Hudson <ghudson@mit.edu>
Wed, 4 Apr 2012 21:38:57 +0000 (21:38 +0000)
commit af5ee660dec2ef573366a0667526da66898158d7
tree b11f2bd2061aa3580a46e97a53db71f804cffcf8
parent 319d7ed2cf78f2a4afd0c2a18f0645ba1f375903
Fix password reuse check with cpw -keepold

When we check for password reuse, only compare keys with the most
recent kvno against history entries, or else we will always fail with
-keepold.

This bug primarily affects rollover of cross-realm TGT principals,
which typically use password-derived keys and may have an associated
password policy such as "default".

Bug report and candidate fix (taken with a slight modification) by
Nicolas Williams.

ticket: 7110

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25801 dc483132-0cff-0310-8789-dd5450dbe970
src/lib/kadm5/srv/svr_principal.c
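
The kvno filtering described in the commit message, as an added example that is not the krb5 code or part of this commit: a simplified C model in which keys are raw bytes compared directly. The names `struct key`, `reuse_check_all` and `reuse_check_latest` and the sample data are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): keys are raw bytes compared directly. */
#define KEYLEN 4
struct key { int kvno; unsigned char bytes[KEYLEN]; };

static int in_history(const struct key *k, const struct key *hist, int n_hist)
{
    for (int i = 0; i < n_hist; i++)
        if (memcmp(k->bytes, hist[i].bytes, KEYLEN) == 0)
            return 1;
    return 0;
}

/* Checks every key on the principal, including those retained by -keepold. */
int reuse_check_all(const struct key *keys, int n, const struct key *hist, int n_hist)
{
    for (int i = 0; i < n; i++)
        if (in_history(&keys[i], hist, n_hist))
            return 1;
    return 0;
}

/* Checks only keys with the most recent kvno, i.e. the newly set password. */
int reuse_check_latest(const struct key *keys, int n, const struct key *hist, int n_hist)
{
    int max_kvno = 0;
    for (int i = 0; i < n; i++)
        if (keys[i].kvno > max_kvno)
            max_kvno = keys[i].kvno;
    for (int i = 0; i < n; i++)
        if (keys[i].kvno == max_kvno && in_history(&keys[i], hist, n_hist))
            return 1;
    return 0;
}

/* Constructed sample data: the history holds the kvno 1 key. FRESH is the key
 * list after a -keepold change to a new password, REUSED after a -keepold
 * change back to the old password (kvno 1 is the retained key in both). */
static const struct key HIST[]   = { { 1, { 0xaa, 0xaa, 0xaa, 0xaa } } };
static const struct key FRESH[]  = { { 2, { 0xbb, 0xbb, 0xbb, 0xbb } }, { 1, { 0xaa, 0xaa, 0xaa, 0xaa } } };
static const struct key REUSED[] = { { 2, { 0xaa, 0xaa, 0xaa, 0xaa } }, { 1, { 0xaa, 0xaa, 0xaa, 0xaa } } };

int main(void)
{
    printf("all keys, new password:    %d\n", reuse_check_all(FRESH, 2, HIST, 1));
    printf("latest kvno, new password: %d\n", reuse_check_latest(FRESH, 2, HIST, 1));
    printf("latest kvno, old password: %d\n", reuse_check_latest(REUSED, 2, HIST, 1));
    return 0;
}
```

Checking all keys flags the retained kvno 1 key as reuse even though the new password is different; restricting the check to the latest kvno still rejects a genuinely reused password.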