Kerberos – Can’t change passwords

At first thought we were having a problem with the Windows PDC not allowing PC users to change their passwords... but it turns out it's actually Kerberos that's failing. I tried the Kerberos GUI tool on Mac OS X and it proved the problem is Kerberos. See the KDC log entry: May 18 10:57:34 g5server.sjsschool.co.uk krb5kdc[205](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.0.3: REQUIRED PWCHANGE: andrewmcn@G5SERVER.SJSSCHOOL.CO.UK for krbtgt/G5SERVER.SJSSCHOOL.CO.UK@G5SERVER.SJSSCHOOL.CO.UK, Password has expired May 18 10:57:43 g5server.sjsschool.co.uk krb5kdc[205](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.0.3: NEEDED_PREAUTH: andrewmcn@G5SERVER.SJSSCHOOL.CO.UK for kadmin/changepw@G5SERVER.SJSSCHOOL.CO.UK, Additional pre-authentication required May 18 10:57:44 g5server.sjsschool.co.uk krb5kdc[205](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.0.3: CHECK_PWS_ACCT: andrewmcn@G5SERVER.SJSSCHOOL.CO.UK for kadmin/changepw@G5SERVER.SJSSCHOOL.CO.UK, Cannot allocate memory Seen this before? Any quick fixes other than tearing down my ODM and re-promoting? I am just trying switching spnego off on Samba to see if I can by-pass this faulty KDC. Thanks in advance