User acquires kerberos ticket and login session is authorized. This log is for a ssh access ...
Best regards, C. L. Martinez ________________________________________ From: Greg Hudson <ghud...@mit.edu> Sent: 19 April 2024 18:27 To: Carlos Lopez; kerberos@mit.edu Subject: Re: Force to change password for users On 4/19/24 08:06, Carlos Lopez wrote: > [...] AS_REQ [...] REQUIRED PWCHANGE: us...@mydom.org for > krbtgt/mydom....@mydom.org, Password has expired > [...] AS_REQ [...] NEEDED_PREAUTH: us...@mydom.org for > kadmin/chang...@mydom.org, Additional pre-authentication required > [...] AS_REQ [...] ISSUE: [...] us...@mydom.org for kadmin/chang...@mydom.org > > But in the client side, user can login without problems and no password > change is requested. These are the messages I would expect in the log, including user1 getting a ticket to perform a password change. You say the user can log in. Do they have tickets, or do you just mean a login session is authorized based on the Kerberos interaction? What client-side software is being used? ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos