OT? help using Authen::Krb5

[Jeff Saxton]

So I appear to be getting a TGT
---- cut here ----
#!/usr/bin/atperl

use Authen::Krb5;
use Data::Dumper;

my $adServer = 'kserver.mydomain.com';
my $ldapPort = '389';
my $ldapVersion = '3';
my $ldapBindDN  = 's_admin at lab.mydomain.com.local';
my $ldapBindPW = 'p at ss123';

# init
my $k5ctx = Authen::Krb5::init_context() || die $!;
             Authen::Krb5::init_ets();
my $cc = Authen::Krb5::cc_default();

# setup principals
my $cp_str = 's_admin at LAB.MYDOMAIN.COM.LOCAL';
my $client_principal = Authen::Krb5::parse_name($cp_str) || die Authen::Krb5::error();
my $sp_string = 'krbtgt/LAB.MYDOMAIN.COM.LOCAL at LAB.MYDOMAIN.COM.LOCAL';
my $server_principal = Authen::Krb5::parse_name($sp_string) || die Authen::Krb5::error();

# puts the tgt in $cc
Authen::Krb5::get_in_tkt_with_password($client_principal, $server_principal, $ldapBindPW, undef) || die Authen::Krb5::error();
---- cut here ----

It looked like doing a Authen::Krb5::change_password() looked like the easiest way to determine is I could
get a servicre ticket is doing a change_password(), but I get this error:

---- cut here ----
$newPassword = 'p at ss321';
Authen::Krb5::change_password($cc, $client_principal, $ldapBindPW, $newPass) || die Authen::Krb5::error();
---- cut here ----

but I appear to be missing something:
---- cut here ----
Requested effective lifetime is negative or too short at ./test.pl line 36.
---- cut here ----

Can anyone suggest where I might look for more guidance on this, I tried google for a little while but didn't find much.

TIA