On 4/19/24 08:06, Carlos Lopez wrote:
[...] AS_REQ [...] REQUIRED PWCHANGE: [email protected] for
krbtgt/[email protected], Password has expired
[...] AS_REQ [...] NEEDED_PREAUTH: [email protected] for
kadmin/[email protected], Additional pre-authentication required
[...] AS_REQ [...] ISSUE: [...] [email protected] for kadmin/[email protected]
But in the client side, user can login without problems and no password change
is requested.
These are the messages I would expect in the log, including user1
getting a ticket to perform a password change.
You say the user can log in. Do they have tickets, or do you just mean
a login session is authorized based on the Kerberos interaction? What
client-side software is being used?
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
