On Fri, Jul 06, 2007 at 07:53:46PM -0400, Ken Raeburn wrote:
> This code path requires that the principal in question have a policy  
> dictating a minimum time before the password can be changed, and a  
> password change made before that time has elapsed.  (I should've  
> thought of that given the description of changing passwords  
> specifically in a short time.)  Andrew, does that describe your  
> situation?  If so, changing src/kadmin/server/misc.c to include  
> <time.h> could fix the problem.

  Yes, this describes our situation precisely -- I also had
forgotten about the minimum password lifetime in the policy, 
even though I myself remarked on the time-dependent character.

				-- A.
-- 
Dr. Andrew C. E. Reid, Guest Researcher 
Center for Theoretical and Computational Materials Science
National Institute of Standards and Technology, Mail Stop 8910
Gaithersburg MD 20899 USA
andrew.reid@nist.gov