Force to change password for users
Carlos Lopez
clopmz at outlook.com
Fri Apr 19 13:06:10 EDT 2024
User acquires Kerberos ticket and login session is authorized. This log is for an SSH access ...
Best regards,
C. L. Martinez
________________________________________
From: Greg Hudson <ghudson at mit.edu>
Sent: 19 April 2024 18:27
To: Carlos Lopez; kerberos at mit.edu
Subject: Re: Force to change password for users
On 4/19/24 08:06, Carlos Lopez wrote:
> [...] AS_REQ [...] REQUIRED PWCHANGE: user1 at MYDOM.ORG for krbtgt/MYDOM.ORG at MYDOM.ORG, Password has expired
> [...] AS_REQ [...] NEEDED_PREAUTH: user1 at MYDOM.ORG for kadmin/changepw at MYDOM.ORG, Additional pre-authentication required
> [...] AS_REQ [...] ISSUE: [...] user1 at MYDOM.ORG for kadmin/changepw at MYDOM.ORG
>
> But on the client side, the user can log in without problems and no password change is requested.

These are the messages I would expect in the log, including user1
getting a ticket to perform a password change.

You say the user can log in. Do they have tickets, or do you just mean
a login session is authorized based on the Kerberos interaction? What
client-side software is being used?
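
An added example, not part of the original thread: a small Python parser for the KDC log lines quoted above that reports, per client, whether an expired password led only to a kadmin/changepw ticket or also to a TGT, which is the KDC-side view of the question asked in the reply. The sample log lines (timestamps, host name, addresses, user2 and user3) and the verdict labels are constructed for illustration; only the status keywords and principal layout come from the quoted lines.

```python
import re

# Principal as logged ("user@REALM") or as the list archive shows it ("user at REALM").
PRINC = r"[\w./-]+(?:@| at )[\w.-]+"
# Only the fields visible in the thread: request type, status, client, service.
AS_REQ = re.compile(
    r"AS_REQ\b.*?\b(?P<status>REQUIRED PWCHANGE|NEEDED_PREAUTH|ISSUE):"
    r".*?(?P<client>" + PRINC + r") for (?P<service>" + PRINC + r")"
)

def classify(lines):
    """For each client whose password expired, report what the KDC issued next."""
    state = {}
    for line in lines:
        m = AS_REQ.search(line)
        if not m:
            continue
        client = m["client"].replace(" at ", "@")
        service = m["service"].replace(" at ", "@")
        if m["status"] == "REQUIRED PWCHANGE":
            state[client] = "expired-no-ticket"  # verdict labels are this example's own
        elif m["status"] == "ISSUE" and client in state:
            if service.startswith("krbtgt/"):
                state[client] = "tgt-issued"
            elif service.startswith("kadmin/changepw@") and state[client] != "tgt-issued":
                state[client] = "changepw-ticket-only"
    return state

# Constructed sample log; every value outside the status/principal layout is made up.
SAMPLE_LOG = """\
Apr 19 08:05:58 kdc1 krb5kdc[2211](info): AS_REQ (2 etypes {18 17}) 192.0.2.10: REQUIRED PWCHANGE: user1@MYDOM.ORG for krbtgt/MYDOM.ORG@MYDOM.ORG, Password has expired
Apr 19 08:05:58 kdc1 krb5kdc[2211](info): AS_REQ (2 etypes {18 17}) 192.0.2.10: NEEDED_PREAUTH: user1@MYDOM.ORG for kadmin/changepw@MYDOM.ORG, Additional pre-authentication required
Apr 19 08:05:59 kdc1 krb5kdc[2211](info): AS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1713528359, etypes {rep=18 tkt=18 ses=18}, user1@MYDOM.ORG for kadmin/changepw@MYDOM.ORG
Apr 19 08:07:10 kdc1 krb5kdc[2211](info): AS_REQ (2 etypes {18 17}) 192.0.2.11: REQUIRED PWCHANGE: user2@MYDOM.ORG for krbtgt/MYDOM.ORG@MYDOM.ORG, Password has expired
Apr 19 08:07:11 kdc1 krb5kdc[2211](info): AS_REQ (2 etypes {18 17}) 192.0.2.11: ISSUE: authtime 1713528431, etypes {rep=18 tkt=18 ses=18}, user2@MYDOM.ORG for kadmin/changepw@MYDOM.ORG
Apr 19 08:07:30 kdc1 krb5kdc[2211](info): AS_REQ (2 etypes {18 17}) 192.0.2.11: ISSUE: authtime 1713528450, etypes {rep=18 tkt=18 ses=18}, user2@MYDOM.ORG for krbtgt/MYDOM.ORG@MYDOM.ORG
Apr 19 08:09:02 kdc1 krb5kdc[2211](info): AS_REQ (2 etypes {18 17}) 192.0.2.12: ISSUE: authtime 1713528542, etypes {rep=18 tkt=18 ses=18}, user3@MYDOM.ORG for krbtgt/MYDOM.ORG@MYDOM.ORG
"""

if __name__ == "__main__":
    for client, verdict in classify(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: {verdict}")
```

A client left at changepw-ticket-only never received a TGT from the KDC after its password expired, so a login session that still opened for that user was authorized without one.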