Im working with ubuntu 7.10 clients authenticating against kerberos. The
issue arises when I a set the REQUIRES_PWCHANGE attribute to a user key so
that in next login they are required to change the password. Some machines (
not all ) can't authenticate when the mentioned attribute is set , they
"kinit(v5): Password has expired while getting initial credentials"

(Of course my password expiration time haven't been reached and it reports
the same working with policies or without it)

if I a unset the attribute, i can obtain the tickets. Like i said this
behavior is present in some machines , others can get tickets with the
attribute set or unset with the same principals.