Self Service Password Change works different to Password Reset

UCS - Univention Corporate Server
1

Hi everyone, I noticed that when users change their passwords through the #/selfservice/passwordchange path, then the password only gets updated on kerberos/samba through PAM as far as I can see, so all logins through LDAP still use the old password. but when I use #/selfservice/passwordforgotten, only then it gets updated in LDAP.
Is this a bug or am I doing something wrong here?

umc/self-service/allow-authenticated-use is set to true

2

we need more details to be able to find out the problem.

The self service password-forgot method sets the new password via UDM and therefore all 3 hash types are set: userPassword, SambaNTPassword and krb5Key.

The regular password change via PAM uses pam-krb5 to change the password. The Kerbereos server behind it (Heimdal or Samba4) will change all 3 password hashes also via UDM.