I've just witnessed a strange issue that considering everything that I know about passwords and case sensitivity makes absolutely no sense. The background is that I had a single user using Citrix on a 2003 R2 server using the 4.9.1 SP4/SP5 (2 servers load balancing with different versions). The original problem was that the user tried to log in through the Citrix interface which authentication is set up to use eDir credentials, and they kept getting the local Windows password prompt.

Due to a couple of our systems requiring administrative password resets, we have a master password list for our users when we reset password, I know it is bad practice and I'm working on resolving this. Well anyway, the password that we had on file was not what the user thought that the password was, for example, the password that we had on file was "Pingpong99" and the user thought that the password was "PingPong99" notice the 2nd P's capitalization difference between the two.

Since our last password reset last year, the user has been successfully logging in with their variation of the password, and IT staff have been successfully logging in with the variation that we had on file. That is where I'm getting lost on this issue since everything that I know about passwords says that as far as the system should be concerned each variation is a different password and it should not authenticate both of them. I've sat down with the user and have confirmed that both variations are working. How is this possible? Thanks for any help!