Annoying password expiry messages.

Mon Mar 5 06:16:03 EST 2012

Hi,
   We recently upgraded some ArchLinux systems to the latest, which
means that they switched from using heimdal to mit krb5.
Our KDC however remains a heimdal system (running on NetBSD).

Now when you log in to these ArchLinux systems with an account that has
an account expiry time but no password expiry time

kadmin> list --long zouweiz
            Principal: zouweiz at ECS.VUW.AC.NZ
    Principal expires: 2012-12-02 10:59:59 UTC
     Password expires: never

you get this annoying warning:

Warning: Your password will expire in less than one hour on Thu Jan  1
12:00:00 1970

If you set the password expiry to some time way in the future

            Principal: zouweiz at ECS.VUW.AC.NZ
    Principal expires: 2012-12-02 10:59:59 UTC
     Password expires: 2012-12-01 00:00:00 UTC

you get:

Warning: Your password will expire in 270 days on Sat Dec  1 13:00:00 2012

however if both the principal and password are set to never expire you
don't get any message

            Principal: mark at ECS.VUW.AC.NZ
    Principal expires: never
     Password expires: never

We don't see these warnings on our other systems.  Any idea whats
causing them and how to shut them up?

cheers
mark