[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kpasswdd allows password reuse when keys master-key encrypted

Buck Huppmann <buckh@pobox.com> writes:

> Hi
> We're trying to age passwords but find that users can reenter the same
> password when using kpasswd/kinit/pam_krb5, and kpasswdd doesn't care.
> From what testing i've done, the patch below would seem to fix the prob-
> lem, but i don't know what further undesirable ramifications it may cause,
> so caveat emptor. (The second hunk--i don't even know if that's the right
> thing to return, but 0 doesn't seem right either)

Yes, that is correct, commited a fix for it. Thanks.

However, I don't know if the test should be there. It should really be in a
password quality check funktion and not there.


PGP signature