Kerberos for Mac caches password expiration info?
kenh at cmf.nrl.navy.mil
Mon Mar 29 12:42:05 EST 2004
>> Is it possible that the user's Macintosh is talking to a slave KDC
>> which has not yet updated to reflect the password change? I tried
>> this against a Heimdal 0.6 KDC with the 10.3.3 kpasswd/kinit and was
>> unable to reproduce the behavior you describe.
>Slaves are updated every 20 minutes. This behavior continued for over
>two days. And the new password always worked.
I am wondering if perhaps the account (not password) expiration was set
for this principal? That will also trigger the password expiration warning
for some variants of kinit & friends.