Force to change password for users
Greg Hudson
ghudson at mit.edu
Fri Apr 19 12:27:18 EDT 2024
On 4/19/24 08:06, Carlos Lopez wrote:
> [...] AS_REQ [...] REQUIRED PWCHANGE: user1 at MYDOM.ORG for krbtgt/MYDOM.ORG at MYDOM.ORG, Password has expired
> [...] AS_REQ [...] NEEDED_PREAUTH: user1 at MYDOM.ORG for kadmin/changepw at MYDOM.ORG, Additional pre-authentication required
> [...] AS_REQ [...] ISSUE: [...] user1 at MYDOM.ORG for kadmin/changepw at MYDOM.ORG
>
> But in the client side, user can login without problems and no password change is requested.
These are the messages I would expect in the log, including user1
getting a ticket to perform a password change.
You say the user can log in. Do they have tickets, or do you just mean
a login session is authorized based on the Kerberos interaction? What
client-side software is being used?
More information about the Kerberos
mailing list