Kerberos for Mac caches password expiration info?

Ken Hornstein kenh at
Mon Mar 29 12:42:05 EST 2004

>> Is it possible that the user's Macintosh is talking to a slave KDC 
>> which has not yet updated to reflect the password change?  I tried 
>> this against a Heimdal 0.6 KDC with the 10.3.3 kpasswd/kinit and was 
>> unable to reproduce the behavior you describe.
>Slaves are updated every 20 minutes.  This behavior continued for over 
>two days.  And the new password always worked.

I am wondering if perhaps the account (not password) expiration was set
for this principal?  That will also trigger the password expiration warning
for some variants of kinit & friends.


More information about the krbdev mailing list