From f4f59121c318766cc10115b65bc4d0e58aa7ec8b Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Fri, 28 May 2010 13:40:37 -0700
Subject: [PATCH] allow password reuse for a short time after it was set last time

Patch from Harald Barth
---
 lib/kadm5/check-cracklib.pl | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/kadm5/check-cracklib.pl b/lib/kadm5/check-cracklib.pl
index e52fc5273..58e2a640c 100644
--- a/lib/kadm5/check-cracklib.pl
+++ b/lib/kadm5/check-cracklib.pl
@@ -40,6 +40,9 @@ my $database = '/usr/lib/cracklib_dict';
 my $historydb = '/var/heimdal/historydb';
 # NEED TO CHANGE THESE TO MATCH YOUR SYSTEM
 
+# seconds password reuse allowed (to catch retries from clients)
+my $reusetime = 60;
+
 my %params;
 
 sub check_basic
@@ -60,6 +63,7 @@ sub check_repeat
     my $result = 'Do not reuse passwords';
     my %DB;
     my $md5context = new Digest::MD5;
+    my $timenow = scalar(time());
 
     $md5context->reset();
     $md5context->add($principal, ":", $passwd);
@@ -67,8 +71,11 @@ sub check_repeat
     my $key=$md5context->hexdigest();
 
     dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb";
-    $result = "ok" if (!$DB{$key});
-    $DB{$key}=scalar(time());
+    if (!$DB{$key} || ($timenow - $DB{$key} < $reusetime)) {
+        $result = "ok";
+        print $timenow - $DB{$key} . "\n";
+        $DB{$key}=$timenow;
+    }
     dbmclose(%DB) or die "Internal: Could not close $historydb";
     return $result;
 }
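Review bot: The added `print $timenow - $DB{$key} . "\n";` in check_repeat (third hunk) binds `.` tighter than `-`, so it subtracts the string `"$DB{$key}\n"` and prints the difference with no trailing newline, and on the first-seen path it subtracts an undefined value; it reads as leftover debug output, and if this script's stdout is what the caller parses for the verdict (the code that prints `$result` is outside the hunk) it should be removed or at least sent to STDERR. Separately, `$DB{$key}=$timenow` is executed on every accepted reuse, so a client that sets the same password again at intervals shorter than `$reusetime` keeps the window sliding indefinitely instead of being limited to 60 seconds after the original set; recording the timestamp only when the key is first stored bounds the window to what the comment in the first hunk describes. The rewritten block below drops the print and splits the two cases.
```perl
    dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb";
    if (!$DB{$key}) {
        # first time this principal/password pair is seen: record when it was set
        $result = "ok";
        $DB{$key} = $timenow;
    }
    elsif ($timenow - $DB{$key} < $reusetime) {
        # retry shortly after the original set; keep the original timestamp so
        # the reuse window does not slide with every retry
        $result = "ok";
    }
    # … unchanged: dbmclose and return …
```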