Check opte->flags instead of options->flags, because we know that opte has
been initialized to the library defaults if options was NULL.
diff -up krb5-1.7/src/lib/krb5/krb/gic_pwd.c krb5-1.7/src/lib/krb5/krb/gic_pwd.c
--- krb5-1.7/src/lib/krb5/krb/gic_pwd.c	2010-01-15 15:07:52.000000000 -0500
+++ krb5-1.7/src/lib/krb5/krb/gic_pwd.c	2010-01-15 15:07:56.000000000 -0500
@@ -200,7 +200,7 @@ krb5_get_init_creds_password(krb5_contex
      * to prompt.  Prompting is only disabled if the option has been set
      * and the value has been set to false.
      */
-    if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
+    if (!(opte->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
 	goto cleanup;
 
     /* ok, we have an expired password.  Give the user a few chances