question about kdb5_util dump format

2017-10-26 Thread Jerry Shipman
Hello, I am trying to investigate a report from a user that he could change his password to the same value, despite password history being enabled. I can get an old copy of the user's principal (before he changed his password) from a backup. I can dump both the old and new principals using kdb5_uti

Re: question about kdb5_util dump format

2017-10-26 Thread Greg Hudson
On 10/26/2017 10:57 AM, Jerry Shipman wrote:
> If the key blob is different (for the same ciphers), does it for sure mean
> that the passwords are different? Or is it maybe salted with the kvno or
> something? (I thought the salt was predictable -- realm, or principal name,
> or nothing -- which

Re: question about kdb5_util dump format

2017-10-26 Thread Jerry Shipman
Hello,

Thank you for the help.

> The key history is stored within a tl_data entry of type 3 (aka
> KRB5_TL_KADM_DATA). tl-data comes before key data in a dump record, so
> you might be looking at that.

Yes, that's what I was doing. The other blobs in there are the same size, just the first one