This article describes the issue of user accounts being locked out, when password management is enabled on the local authentication server.
Problem or Goal
User accounts are being locked out, when password management is enabled on the local authentication server.
Cause
If Password Management is not enabled at the realm level, users will be required to change the password as per the Auth server configuration; but will not be prompted for a change due to the Realm configuration.
So, users will not be prompted for the password change and the account will be locked out.
Solution
Enable password management on both the System Local Authentication Server page, as well as the corresponding Realm > Authentication Policy > Password page.