When attempting to use perform authentication using FAST, if the principal's keys are expired, the password change request happens outside of FAST. This means that preauth methods which require FAST can't be used for user authentication when the keys expire.