diff --git a/build.bat b/build.bat
index 8c66041a..bbab0258 100755
--- a/build.bat
+++ b/build.bat
@@ -10,7 +10,7 @@ cl /O2 /Ob2 /Oi /Ot /I "\mxml" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_CRT_SEC
cl /O2 /Ob2 /Oi /Ot /I "\mxml" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_CRT_SECURE_NO_DEPRECATE" /D "_CRT_NONSTDC_NO_DEPRECATE" /D "_VC80_UPGRADE=0x0710" /D "_MBCS" /GF /FD /EHsc /MT /Gy /Fo".\NT\Release/" /W3 /nologo /c /Zi /TC \mxml\mxml.c
cl /O2 /Ob2 /Oi /Ot /I "\mxml" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_CRT_SECURE_NO_DEPRECATE" /D "_CRT_NONSTDC_NO_DEPRECATE" /D "_VC80_UPGRADE=0x0710" /D "_MBCS" /GF /FD /EHsc /MT /Gy /Fo".\NT\Release/" /W3 /nologo /c /Zi /TC \mxml\strlcpy.c
-link "/OUT:.\NT\Release/elogd.exe" /INCREMENTAL:NO /DEBUG /SUBSYSTEM:CONSOLE /STACK:4000000 /MACHINE:X86 wsock32.lib advapi32.lib ".\NT\Release\elogd.obj" ".\NT\Release\mxml.obj" ".\NT\Release\regex.obj" ".\NT\Release\crypt.obj" ".\NT\Release\strlcpy.obj" "\openssl\lib\vc\ssleay32MD.lib" "\openssl\lib\vc\libeay32MD.lib"
+link "/OUT:.\NT\Release/elogd.exe" /INCREMENTAL:NO /DEBUG /SUBSYSTEM:CONSOLE /STACK:4000000 /MACHINE:X86 wsock32.lib advapi32.lib ".\NT\Release\elogd.obj" ".\NT\Release\mxml.obj" ".\NT\Release\regex.obj" ".\NT\Release\crypt.obj" ".\NT\Release\strlcpy.obj" "\openssl\lib\vc\ssleay32MD.lib" "\openssl\lib\vc\libeay32MD.lib" "\krb5\lib\i386\krb5_32.lib"
cl /O2 /Ob2 /Oi /Ot /I "\mxml" /I "\openssl\include" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_CRT_SECURE_NO_DEPRECATE" /D "_CRT_NONSTDC_NO_DEPRECATE" /D "_VC80_UPGRADE=0x0710" /D "_MBCS" /D "HAVE_SSL" /GF /FD /EHsc /MT /Gy /Fo".\NT\Release/" /W3 /nologo /c /Zi /TC src\elog.c
link "/OUT:.\NT\Release/elog.exe" /INCREMENTAL:NO /DEBUG /SUBSYSTEM:CONSOLE /MACHINE:X86 wsock32.lib ".\NT\Release\elog.obj" ".\NT\Release\crypt.obj" "\openssl\lib\vc\ssleay32MD.lib" "\openssl\lib\vc\libeay32MD.lib"
diff --git a/src/auth.c b/src/auth.c
index cb854d7e..9f2dd2ca 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -72,7 +72,8 @@ int auth_verify_password_krb5(LOGBOOK *lbs, const char *user, const char *passwo
krb5_get_init_creds_opt_free(context, &options);
krb5_free_context(context);
- if (error && error != KRB5KDC_ERR_PREAUTH_FAILED) {
+ if (error && error != KRB5KDC_ERR_PREAUTH_FAILED &&
+ error != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN) {
strlcpy(error_str, "Kerberos error:
", error_size);
strlcat(error_str, krb5_get_error_message(context, error), error_size);
strlcat(error_str, ".
Please check your Kerberos configuration.", error_size);
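Review bot: `krb5_get_error_message(context, error)` in the error branch runs after `krb5_free_context(context)`, two lines above the changed condition, so the message lookup uses a context that has already been released. Move the `krb5_free_context(context);` call to after the error text has been copied into `error_str`. The string returned by `krb5_get_error_message` should also be kept in a local and released with `krb5_free_error_message(context, msg)` before the context is freed. The end of this `if` block and the rest of `auth_verify_password_krb5` lie outside the hunk, so the exact placement needs to be checked against the full function.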
@@ -186,7 +187,7 @@ int auth_verify_password_file(LOGBOOK *lbs, const char *user, const char *passwo
int auth_change_password_file(LOGBOOK *lbs, const char *user, const char *old_pwd, const char *new_pwd, char *error_str, int error_size)
{
- char str[256], file_name[256];
+ char str[256], file_name[256], enc_pwd[256];
PMXML_NODE node;
if (lbs == NULL)
@@ -200,7 +201,8 @@ int auth_change_password_file(LOGBOOK *lbs, const char *user, const char *old_pw
if (node == NULL)
return FALSE;
- mxml_replace_node_value(node, new_pwd);
+ do_crypt(new_pwd, enc_pwd, sizeof(enc_pwd));
+ mxml_replace_node_value(node, enc_pwd);
if (get_password_file(lbs, file_name, sizeof(file_name)))
mxml_write_tree(file_name, lbs->pwd_xml_tree);
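Review bot: `auth_change_password_file` now hashes `new_pwd` itself, so its contract has changed from "already hashed" to "cleartext", and nothing at the call documents that. A comment above the call such as `/* new_pwd is cleartext; it is hashed here with do_crypt() before being stored */` would make this explicit. Any caller that still passes a `do_crypt()` result would store a double hash that can never verify; `save_user_config` in src/elogd.c still hashes `newpwd` in its context lines, so it is worth confirming what it passes on. The visible lines also never compare `old_pwd` with the stored value, and the result of `mxml_write_tree` is not checked. The function starts in the previous hunk and continues past this one, so an `old_pwd` check may exist outside the view.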
@@ -213,29 +215,40 @@ int auth_change_password_file(LOGBOOK *lbs, const char *user, const char *old_pw
int auth_verify_password(LOGBOOK *lbs, const char *user, const char *password, char *error_str, int error_size)
{
char str[256];
+ BOOL verified;
error_str[0] = 0;
+ verified = FALSE;
getcfg(lbs->name, "Authentication", str, sizeof(str));
#ifdef HAVE_KRB5
- if (stricmp(str, "Kerberos") == 0)
- return auth_verify_password_krb5(lbs, user, password, error_str, error_size);
+ if (stristr(str, "Kerberos"))
+ verified = auth_verify_password_krb5(lbs, user, password, error_str, error_size);
+ if (verified)
+ return TRUE;
#endif
- return auth_verify_password_file(lbs, user, password, error_str, error_size);
+ if (str[0] == 0 || stristr(str, "File"))
+ verified = auth_verify_password_file(lbs, user, password, error_str, error_size);
+
+ return verified;
}
int auth_change_password(LOGBOOK *lbs, const char *user, const char *old_pwd, const char *new_pwd, char *error_str, int error_size)
{
+ int status;
char str[256];
error_str[0] = 0;
getcfg(lbs->name, "Authentication", str, sizeof(str));
+ if (str[0] == 0 || stristr(str, "File"))
+ status = auth_change_password_file(lbs, user, old_pwd, new_pwd, error_str, error_size);
+
#ifdef HAVE_KRB5
- if (stricmp(str, "Kerberos") == 0)
- return auth_change_password_krb5(lbs, user, old_pwd, new_pwd, error_str, error_size);
+ if (stristr(str, "Kerberos"))
+ status = auth_change_password_krb5(lbs, user, old_pwd, new_pwd, error_str, error_size);
#endif
- return auth_change_password_file(lbs, user, old_pwd, new_pwd, error_str, error_size);
+ return status;
}
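Review bot: `status` in `auth_change_password` is returned uninitialized when the `Authentication` value matches neither test, for example `Kerberos` in a build without `HAVE_KRB5`, or a misspelt value. Declare it as `int status = FALSE;` so an unrecognised setting fails closed. With a combined setting both backends run and the Kerberos result overwrites the file result, so the file password is already rewritten when the Kerberos change fails; returning on the first failure, or a comment stating the intended order, would help. In `auth_verify_password` the line `if (verified)` sits inside the `#ifdef` and is indented as if it belonged to the `stristr` test; bracing the Kerberos call would make the actual control flow obvious.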
diff --git a/src/elogd.c b/src/elogd.c
index fe6bb4bc..929120c4 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -8514,22 +8514,12 @@ void show_change_pwd_page(LOGBOOK * lbs)
old_pwd[0] = new_pwd[0] = new_pwd2[0] = 0;
- if (stricmp(auth, "Kerberos") == 0) {
- if (isparam("oldpwd"))
- strlcpy(old_pwd, getparam("oldpwd"), sizeof(old_pwd));
- if (isparam("newpwd"))
- strlcpy(new_pwd, getparam("newpwd"), sizeof(new_pwd));
- if (isparam("newpwd2"))
- strlcpy(new_pwd2, getparam("newpwd2"), sizeof(new_pwd2));
-
- } else {
- if (isparam("oldpwd"))
- do_crypt(getparam("oldpwd"), old_pwd, sizeof(old_pwd));
- if (isparam("newpwd"))
- do_crypt(getparam("newpwd"), new_pwd, sizeof(new_pwd));
- if (isparam("newpwd2"))
- do_crypt(getparam("newpwd2"), new_pwd2, sizeof(new_pwd2));
- }
+ if (isparam("oldpwd"))
+ strlcpy(old_pwd, getparam("oldpwd"), sizeof(old_pwd));
+ if (isparam("newpwd"))
+ strlcpy(new_pwd, getparam("newpwd"), sizeof(new_pwd));
+ if (isparam("newpwd2"))
+ strlcpy(new_pwd2, getparam("newpwd2"), sizeof(new_pwd2));
strlcpy(user, isparam("unm") ? getparam("unm") : "", sizeof(user));
if (isparam("config")) {
@@ -8549,9 +8539,9 @@ void show_change_pwd_page(LOGBOOK * lbs)
}
if (old_pwd[0] || new_pwd[0]) {
- if (user[0] && get_user_line(lbs, user, act_pwd, full_user, NULL, NULL, NULL, NULL)) {
+ if (user[0]) {
- if (stricmp(auth, "Kerberos") == 0) {
+ if (stristr(auth, "Kerberos")) {
if (strcmp(new_pwd, new_pwd2) != 0)
wrong_pwd = 2;
} else {
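Review bot: With a combined setting such as `Kerberos, File`, `stristr(auth, "Kerberos")` selects the first branch, which only compares `new_pwd` with `new_pwd2`; the old-password check sits in the `else` branch and is skipped. The file backend's password may then be replaced without the caller proving knowledge of the old one, unless `auth_change_password_file` checks `old_pwd` itself, which the visible part of src/auth.c does not show. Calling `auth_verify_password(lbs, user, old_pwd, str, sizeof(str))` before choosing the branch would cover every backend. Dropping `get_user_line` from the condition also means `act_pwd` and `full_user` are no longer filled in here, so any later use of them in `show_change_pwd_page` (outside this hunk) should be checked.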
@@ -8560,7 +8550,7 @@ void show_change_pwd_page(LOGBOOK * lbs)
&& stricmp(getparam("unm"), user) != 0)
wrong_pwd = 0;
else {
- if (strcmp(old_pwd, act_pwd) != 0)
+ if (!auth_verify_password(lbs, user, old_pwd, str, sizeof(str)))
wrong_pwd = 1;
}
@@ -12700,7 +12690,7 @@ int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
/* check for blank password if not external authentication*/
getcfg(lbs->name, "Authentication", auth, sizeof(auth));
- if (stricmp(auth, "Kerberos") != 0) {
+ if (stristr(auth, "Kerberos") == NULL) {
if (isparam("newpwd")) {
strlcpy(str, getparam("newpwd"), sizeof(str));
if (str[0] == 0) {
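Review bot: With a combined setting such as `Kerberos, File`, `stristr(auth, "Kerberos") == NULL` is false, so the blank-password check here is skipped even though the file backend appears to be active. The password-match check in the next hunk (`@@ -12720`) is skipped for the same reason. src/auth.c selects the file backend with `str[0] == 0 || stristr(str, "File")`; using the same test here, `if (auth[0] == 0 || stristr(auth, "File")) {`, would keep the two files consistent. If skipping these checks in mixed mode is intended, a short comment saying so would prevent a later "fix". `save_user_config` extends beyond both hunks.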
@@ -12720,7 +12710,7 @@ int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
self_register = atoi(str);
new_pwd[0] = 0;
- if (stricmp(auth, "Kerberos") != 0) {
+ if (stristr(auth, "Kerberos") == NULL) {
/* check if passwords match */
if (isparam("newpwd") && isparam("newpwd2")) {
do_crypt(getparam("newpwd"), new_pwd, sizeof(new_pwd));
@@ -13424,7 +13414,7 @@ void show_forgot_pwd_page(LOGBOOK * lbs)
{
int i;
char str[1000], str2[1000], login_name[256], full_name[256], user_email[256], name[256], pwd[256],
- redir[256], pwd_encrypted[256], smtp_host[256], mail_from[256], mail_from_name[256], subject[256],
+ redir[256], smtp_host[256], mail_from[256], mail_from_name[256], subject[256],
mail_text[1000], url[1000], error[1000];
if (isparam("login_name")) {
@@ -13447,11 +13437,9 @@ void show_forgot_pwd_page(LOGBOOK * lbs)
}
/* create random password */
- for (i = 0; i < 8; i++)
- str[i] = 'A' + (rand() % 25);
- str[i] = 0;
- base64_encode((unsigned char *) str, (unsigned char *) pwd, sizeof(pwd));
- do_crypt(pwd, pwd_encrypted, sizeof(pwd_encrypted));
+ for (i = 0; i < 16; i++)
+ pwd[i] = 'A' + (rand() % 25);
+ pwd[i] = 0;
/* send email with new password */
if (!getcfg("global", "SMTP host", smtp_host, sizeof(smtp_host))) {
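Review bot: The recovery password is still drawn from `rand()`, which is not a cryptographic generator; its output is predictable if the seed (not visible here) can be guessed, and lengthening the string from 8 to 16 characters does not change that. `rand() % 25` also yields only `A` to `Y`; `% 26` is needed to cover the whole alphabet. Because this string becomes a login credential, the bytes should come from a CSPRNG, for example OpenSSL's `RAND_bytes` where `HAVE_SSL` is defined. The function should abort without sending mail if the generator reports failure.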
@@ -13515,7 +13503,7 @@ void show_forgot_pwd_page(LOGBOOK * lbs)
if (sendmail(lbs, smtp_host, mail_from, user_email, mail_text, error, sizeof(error)) != -1) {
/* save new password */
- auth_change_password(lbs, login_name, NULL, pwd_encrypted, str, sizeof(str));
+ auth_change_password(lbs, login_name, NULL, pwd, str, sizeof(str));
/* show notification web page */
show_standard_header(lbs, FALSE, loc("ELOG password recovery"), "", FALSE, NULL, NULL);
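Review bot: The return value of `auth_change_password(lbs, login_name, NULL, pwd, str, sizeof(str))` is ignored, so the "password recovery" page is shown, and the mail has already gone out, even when the change failed. The user is then left holding a password that does not work. Check the result and show the text in `str` on failure, for example `if (!auth_change_password(lbs, login_name, NULL, pwd, str, sizeof(str))) { /* report str and return */ }`. It would be safer to store the new password before calling `sendmail`. Note also that `old_pwd` is `NULL` here, and with a Kerberos setting it is forwarded to `auth_change_password_krb5`, whose handling of `NULL` is not visible in this diff.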
diff --git a/src/elogd.h b/src/elogd.h
index 123040e9..e59f2af5 100644
--- a/src/elogd.h
+++ b/src/elogd.h
@@ -286,6 +286,7 @@ void show_elog_entry(LOGBOOK * lbs, char *dec_path, char *command);
char *loc(char *orig);
void strencode(char *text);
void strencode_nouml(char *text);
+char *stristr(const char *str, const char *pattern);
int scan_attributes(char *logbook);
int is_inline_attachment(char *encoding, int message_id, char *text, int i, char *att);
int setgroup(char *str);