On Wed, Mar 7, 2012 at 2:24 AM, Christopher Odenbach <[email protected]> wrote:
>> We're also reconsidering whether failure to decrypt a history
>> entry should continue to be fatal to the password change operation,
>> or if the history entry should just be ignored (which could wrongly
>> permit the use of historical passwords).
>
> Well, if a password cannot be decrypted because the needed key is not
> there anymore there is no point in letting the password change fail.
> Provided of course that every history key is tried.
But there's no integrity protection for most of the KDB, so there's no
way to know if the problem is corruption.  That said, I agree with you:
removing the required key == removing that part of the password history
keyed with that key.

Nico
--
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
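The three outcomes discussed in the thread (entry sealed under a history key that is still present, entry whose key has been removed, entry whose key is present but which no longer authenticates) can be made concrete in a small model. The following is an added example, not code from the thread or from the krb5 code base: history entries are tagged with the kvno of the history key that sealed them, every key in the ring is tried by kvno, entries whose key is gone are skipped or treated as fatal depending on the `ignore_missing_key` policy flag, and an entry whose key is present but whose tag fails is always fatal, since without integrity protection on the surrounding record that failure cannot be distinguished from corruption. The encrypt-then-MAC construction built from SHA-256 and HMAC stands in for the real kadmin/history enctype, PBKDF2 stands in for the principal's string-to-key derivation, and the salt, passwords and function names are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class IntegrityError(Exception):
    """Raised when a history entry fails its authentication tag."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: concatenated SHA-256(key || nonce || counter) blocks.
    # This stands in for the kadmin/history enctype; never use it for real data.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> tuple:
    """Encrypt-then-MAC under one history key; returns (nonce, ciphertext, tag)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def unseal(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises IntegrityError on mismatch."""
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise IntegrityError("history entry does not authenticate under this key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class HistoryEntry:
    kvno: int  # version number of the history key that sealed this entry
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def password_digest(password: str, salt: bytes) -> bytes:
    # Stand-in for deriving the principal's long-term key from password and salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def add_history(password: str, salt: bytes, keys: Dict[int, bytes], kvno: int) -> HistoryEntry:
    nonce, ct, tag = seal(keys[kvno], password_digest(password, salt))
    return HistoryEntry(kvno, nonce, ct, tag)


class Verdict(Enum):
    ALLOWED = "allowed"
    REUSED = "rejected: password found in history"
    UNDECRYPTABLE = "error: a history entry could not be decrypted"


def check_history(new_password: str, salt: bytes, entries: List[HistoryEntry],
                  keys: Dict[int, bytes], ignore_missing_key: bool = True) -> Verdict:
    candidate = password_digest(new_password, salt)
    for entry in entries:
        key = keys.get(entry.kvno)  # every history key is tried, selected by kvno
        if key is None:
            # The key that sealed this entry is gone: the entry can never be read again.
            if ignore_missing_key:
                continue  # policy: treat the entry as if it were deleted
            return Verdict.UNDECRYPTABLE  # policy: fail the password change
        try:
            old_digest = unseal(key, entry.nonce, entry.ciphertext, entry.tag)
        except IntegrityError:
            # Key present but the entry does not authenticate: a corrupt record or a
            # key mismatch under the same kvno. Without integrity protection on the
            # record itself these cannot be told apart, so fail closed.
            return Verdict.UNDECRYPTABLE
        if hmac.compare_digest(old_digest, candidate):
            return Verdict.REUSED
    return Verdict.ALLOWED


def demo() -> Dict[str, Verdict]:
    """Runs the scenarios from the thread on constructed data and returns each verdict."""
    salt = b"EXAMPLE.ORGalice"  # constructed salt
    keys = {1: os.urandom(32), 2: os.urandom(32)}  # kvno -> history key
    history = [add_history("winter2011", salt, keys, 1),
               add_history("spring2012", salt, keys, 2)]
    results = {}
    results["reuse_all_keys"] = check_history("winter2011", salt, history, keys)
    results["fresh_all_keys"] = check_history("summer2012", salt, history, keys)
    # Remove history key kvno 1: the entry it sealed is now unreadable.
    keys_without_1 = {2: keys[2]}
    results["reuse_key1_removed_ignore"] = check_history("winter2011", salt, history, keys_without_1)
    results["reuse_key1_removed_strict"] = check_history(
        "winter2011", salt, history, keys_without_1, ignore_missing_key=False)
    # Flip one ciphertext byte while the key is still present: corruption, not a missing key.
    e0 = history[0]
    corrupted = [HistoryEntry(e0.kvno, e0.nonce,
                              bytes([e0.ciphertext[0] ^ 0x01]) + e0.ciphertext[1:], e0.tag),
                 history[1]]
    results["corrupt_entry_key_present"] = check_history("summer2012", salt, corrupted, keys)
    return results
```

With the ignore policy, removing key 1 lets "winter2011" through again (the "wrongly permit" case from the quoted text); with the strict policy the same removal fails every password change for that principal until the entry is purged. The corrupted-entry case returns the same verdict under either policy, which is the point of the reply: the code can only see that decryption failed, not why.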
