Hi all,

Is there any good way to make sure that a user will be prompted to change
his password the next time he authenticates as a given principal.

My first attempt was via setting the needchange flag on a test principal,
but then I am unable to authenticate as that princpal in the first place:

kadmin: modprinc +needchange cah220
Principal "cah220@COYHILE.COM" modified.
kadmin: quit
[22:53:31]supergrover:~ % kinit cah220
kinit(v5): Password has expired while getting initial credentials
[22:53:37]supergrover:~ %

For what it's worth, I'm using an MIT kdc (actually SEAM).

--
Coy Hile
coy.hile@coyhile.com