Fix password reuse check with cpw -keepold

When we check for password reuse, only compare keys with the most
recent kvno against history entries, or else we will always fail with
-keepold.

This bug primarily affects rollover of cross-realm TGT principals,
which typically use password-derived keys and may have an associated
password policy such as "default".

Bug report and candidate fix (taken with a slight modification) by
Nicolas Williams.

ticket: 7110

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25801 dc483132-0cff-0310-8789-dd5450dbe970

0 files changed, 0 insertions, 0 deletions