git.ipfire.org Git - thirdparty/krb5.git/commit
Try all history keys to decrypt password history
author Greg Hudson <ghudson@mit.edu>
Tue, 24 Apr 2012 01:05:41 +0000 (01:05 +0000)
committer Tom Yu <tlyu@mit.edu>
Tue, 15 May 2012 22:25:38 +0000 (18:25 -0400)
commit c7b8525b7240428beb5f73f97484056385d11db5
tree 73450734bf45990219ad9c93ef842bc3ddd718f9
parent d6186968eaaa0ae4da5605d1f14c1eb38d5f7ad5
Try all history keys to decrypt password history

A database created prior to 1.3 will have multiple password history
keys, and kadmin prior to 1.8 won't necessarily choose the first one.
So if there are multiple keys, we have to try them all.  If none of
the keys can decrypt a password history entry, don't fail the password
change operation; it's not worth it without positive evidence of
password reuse.

(backported from commit 2782e80a12bccd920fa71e23166ac97c4470a637)

ticket: 7099
version_fixed: 1.10.2
status: resolved
src/lib/kadm5/server_internal.h
src/lib/kadm5/srv/server_kdb.c
src/lib/kadm5/srv/svr_principal.c
src/tests/Makefile.in
src/tests/hist.c [new file with mode: 0644]
src/tests/t_pwhist.py [new file with mode: 0644]
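
The policy the commit message describes, as an added sketch that is not code from this commit or from krb5: each history entry is tried against every history key, and an entry that no key decrypts is skipped rather than treated as an error. The toy cipher, the struct, and all function names are assumptions made for the illustration; the keys and passwords are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEYLEN 8

/* Toy stand-in for an integrity-protected enctype: XOR keystream plus a keyed
 * FNV-1a checksum. Constructed for this demo; NOT real cryptography. */
struct blob { uint8_t ct[KEYLEN]; uint32_t tag; };
static uint32_t toy_tag(uint8_t hk, const uint8_t *pt) {
    uint32_t t = 2166136261u ^ hk;
    for (size_t i = 0; i < KEYLEN; i++)
        t = (t ^ pt[i]) * 16777619u;
    return t;
}

struct blob toy_encrypt(uint8_t hk, const uint8_t *pt) {
    struct blob b;
    for (size_t i = 0; i < KEYLEN; i++)
        b.ct[i] = pt[i] ^ (uint8_t)(hk + i);
    b.tag = toy_tag(hk, pt);
    return b;
}

/* Returns 1 on positive evidence of reuse, else 0. An entry that no history
 * key decrypts is skipped instead of failing the password change. */
int check_reuse(const uint8_t *hkeys, size_t nkeys, const struct blob *hist,
                size_t nhist, const uint8_t *newkey) {
    uint8_t pt[KEYLEN];
    for (size_t e = 0; e < nhist; e++) {
        for (size_t k = 0; k < nkeys; k++) {
            for (size_t i = 0; i < KEYLEN; i++)
                pt[i] = hist[e].ct[i] ^ (uint8_t)(hkeys[k] + i);
            if (toy_tag(hkeys[k], pt) != hist[e].tag)
                continue;           /* wrong history key: try the next one */
            if (memcmp(pt, newkey, KEYLEN) == 0)
                return 1;
            break;                  /* decrypted, no match: next entry */
        }
    }
    return 0;
}

int main(void) {
    const uint8_t hkeys[3] = { 0x11, 0x22, 0x33 };  /* constructed keys */
    const uint8_t old[KEYLEN] = { 'o', 'l', 'd', 'p', 'a', 's', 's', '1' };
    struct blob h = toy_encrypt(0x33, old);         /* stored under key 3 */
    printf("first key only: %d, all keys: %d\n",
           check_reuse(hkeys, 1, &h, 1, old), check_reuse(hkeys, 3, &h, 1, old));
    return 0;
}
```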