That is not entirely correct. We're running into users:
1. Changing their password as directed via Users/Groups.
2. Sometime after that, usually after a restart. The Keychain password no longer works. NONE of the older passwords work either. The only fix is to reset the keychain, losing all the users stored passwords.
3. Since I know this will happen, I can either get a user to let me know when they've stored all relevant password and then I make a copy of the keychain file against this happening again. Or, I set their password to not expire - neither of which are very elegant.
4. Yes, their centrify clients are in connected mode when the pw change is initiated. And hardwired.
This has happened with I'm going to say, 40% of the users (out of 50).
-Geoff