We sometimes are facing the problem described in this article:
However, what could be the cause of why the password is not matching what is in Active Directory ? The article talks about how to resync them back, but doesn't give any reason why it happens. With the oneway script, the service account in the trusted AD domain gets created with "password never expires". So, the password is not being changed on the trusted AD domain side. So, we just want to know what is causing it. We use one keytab file per system so at least the outage when this happens is limited to that system. But, still we would like to get to the bottom of it. Thanks.