Remember, policies are now extensible. So you could add a bit in the
*policy* that says that it's OK for a user to change the password to
one used previously. OR, we might extend *principals* to say this.
Chris' use case is for password resets, so setting a flag in the
principal when resetting its password, then resetting that flag upon
password change would suffice.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
