[Freeipa-devel] [PATCH] 480 Do not store LastPwdChange unless it really changed

[Rob Crittenden]

Simo Sorce wrote:
> Due to an idiosyncrasy of kadmin, the right flag to indicate
> krbLastPwdChange is changed is not set. The previous check ended up
> always saving the data in all cases because the data was always present.
> Restrict it to store a password change when there is actually new key
> material.
>
> This prevents also audit operations to cause replications.
>
> Simo.

ACK