On 4/19/24 08:06, Carlos Lopez wrote:
[...] AS_REQ [...] REQUIRED PWCHANGE: us...@mydom.org for
krbtgt/mydom....@mydom.org, Password has expired
[...] AS_REQ [...] NEEDED_PREAUTH: us...@mydom.org for
kadmin/chang...@mydom.org, Additional pre-authentication required
[...] AS_REQ [...] ISSUE: [...] us...@mydom.org for kadmin/chang...@mydom.org
But in the client side, user can login without problems and no password change
is requested.
These are the messages I would expect in the log, including user1
getting a ticket to perform a password change.
You say the user can log in. Do they have tickets, or do you just mean
a login session is authorized based on the Kerberos interaction? What
client-side software is being used?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos