I want to regularly change principles’ password as a rotation mechanism in kerberos.
But what I concern about is that the principle would failed to authenticate using the old password right after I change the password, before I delivery the new one.
Is there some mechanism in kerberos to prevent this? Like kerberos remembering the last password and accept both the old and new password for a period of time.
Thanks in advance!