Since this Monday suddenly all users with expiring passwords are unable
to access DSfW service because the Windows logon claims, that their
password is expired.

The Edir Passwords are not expired and Edir authentification via NMAS
works Ok. Even changing the password does not help for kerberos auth.

/var/op7/novell/xad/log/kdc.log shows the following entries:

AS_REQ (7 etypes {23 -123 -128 3 1 24 -135}) ip-address of client:
CLIENT KEY EXPIRED: user@DOMAIN for krbtgt/DOMAIN@DOMAIN, Password has

My only now working solution was to change the UP-Policy for all users
to not expiring passwords, but that is not really a good solution.

I patched the server after the occurrence of this issue up to the
latest patches and restarted it twice, but that did not help in any way.

W. Prindl