r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a user

changed a password via pam_chauthtok. Only do this if 

a) a user logs on using an expired password (or a password that needs to
be changed immediately) or 

b) the user itself changes his password.

Also make sure to delete the in-memory krb5 credential cache (when a
user did not request a FILE based cred cache).

Finally honor the krb5 settings in the first pam authentication in the
chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when
NTLM samlogon authentication is still possible with the old password after
the password has been already changed (on w2k3 sp1 dcs).

Guenther

0 files changed, 0 insertions, 0 deletions