Errata overview
Errata ID 635
Date 2020-06-24
Source package heimdal
Fixed in version 7.1.0+dfsg-13+deb9u3A~
This update addresses the following issue:
* When authenticating with an expired password
  via pam-krb5, heimdal prompted
  for a password change, which led to the password being
  overwritten with the old password. This behaviour has
  been fixed.
Additional notes
UCS Bug number #51462