git.ipfire.org Git - thirdparty/krb5.git/commit
Try all history keys to decrypt password history
author Tom Yu <tlyu@mit.edu>
Thu, 21 Jun 2012 16:51:11 +0000 (12:51 -0400)
committer Tom Yu <tlyu@mit.edu>
Thu, 21 Jun 2012 16:51:11 +0000 (12:51 -0400)
commit 992f1fa3e4af37bb26c94e946cd6eb9c9966e59b
tree f8b29bb141fdea6da07717a1f9912eeae93b8822
parent 0b11a472cf0e83972228ad9ca6ee645e4ffd4c24
Try all history keys to decrypt password history

A database created prior to 1.3 will have multiple password history
keys, and kadmin prior to 1.8 won't necessarily choose the first one.
So if there are multiple keys, we have to try them all.  If none of
the keys can decrypt a password history entry, don't fail the password
change operation; it's not worth it without positive evidence of
password reuse.

(back ported from commit 2782e80a12bccd920fa71e23166ac97c4470a637)

ticket: 7180 (new)
version_fixed: 1.8.7
status: resolved
src/lib/kadm5/server_internal.h
src/lib/kadm5/srv/server_kdb.c
src/lib/kadm5/srv/svr_principal.c
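
The decision logic the commit message describes, as an added C sketch that is not code from krb5 or from this commit: every history key is tried against each history entry, and an entry that no key opens is skipped rather than treated as an error. The XOR "cipher", the check byte, and all names (`hist_entry`, `toy_encrypt`, `password_reused`) are hypothetical stand-ins for the real key decryption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PW_MAX 32
#define MAGIC  0xC3   /* known check value; constructed for this example */

/* Toy stand-in for an encrypted history entry (NOT krb5's format or crypto). */
struct hist_entry { uint8_t ct[PW_MAX]; size_t len; uint8_t check; };

/* Hypothetical helper: XOR "encryption" plus a check byte bound to the key. */
void toy_encrypt(uint8_t key, const char *pw, struct hist_entry *e) {
    e->len = strlen(pw) < PW_MAX ? strlen(pw) : PW_MAX;
    e->check = (uint8_t)(MAGIC ^ key);
    for (size_t i = 0; i < e->len; i++) e->ct[i] = (uint8_t)((uint8_t)pw[i] ^ key);
}

/* Returns 0 and fills pt when the key fits, -1 when it does not. */
static int toy_decrypt(uint8_t key, const struct hist_entry *e, uint8_t *pt) {
    if ((e->check ^ key) != MAGIC) return -1;
    for (size_t i = 0; i < e->len; i++) pt[i] = (uint8_t)(e->ct[i] ^ key);
    return 0;
}

/* 1 = positive evidence of reuse; 0 = none, including entries no key opens. */
int password_reused(const uint8_t *keys, size_t nkeys,
                    const struct hist_entry *hist, size_t nhist,
                    const char *newpw) {
    uint8_t pt[PW_MAX];
    size_t newlen = strlen(newpw);
    for (size_t h = 0; h < nhist; h++) {
        for (size_t k = 0; k < nkeys; k++) {
            if (toy_decrypt(keys[k], &hist[h], pt) != 0)
                continue;              /* wrong key: try the next one */
            if (hist[h].len == newlen && memcmp(pt, newpw, newlen) == 0)
                return 1;              /* decrypted and identical: reuse */
            break;                     /* decrypted, different: next entry */
        }
        /* No key fit: skip this entry instead of failing the change. */
    }
    return 0;
}
```

Calling `password_reused` with only the first key shows the gap the commit closes: an entry stored under a later key is never opened, so reuse goes undetected.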