User acquires kerberos ticket and login session is authorized. This log is for a ssh access ...
Best regards, C. L. Martinez ________________________________________ From: Greg Hudson <[email protected]> Sent: 19 April 2024 18:27 To: Carlos Lopez; [email protected] Subject: Re: Force to change password for users On 4/19/24 08:06, Carlos Lopez wrote: > [...] AS_REQ [...] REQUIRED PWCHANGE: [email protected] for > krbtgt/[email protected], Password has expired > [...] AS_REQ [...] NEEDED_PREAUTH: [email protected] for > kadmin/[email protected], Additional pre-authentication required > [...] AS_REQ [...] ISSUE: [...] [email protected] for kadmin/[email protected] > > But in the client side, user can login without problems and no password > change is requested. These are the messages I would expect in the log, including user1 getting a ticket to perform a password change. You say the user can log in. Do they have tickets, or do you just mean a login session is authorized based on the Kerberos interaction? What client-side software is being used? ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
