Kerberos for Mac caches password expiration info?

[Ken Hornstein]

>Perhaps the user did not carefully read or faithfully report the error 
>message, or perhaps KfM didn't make it clear, but it was indeed due to 
>principal expiration.  Whatever Linux implementation the user tried 
>wasn't reporting that.

You can't completely blame the user.  The problem is that the client-side
code will always call it a "password expiration", not "account expiration".
It's a long story.

--Ken