If you use passwd in an NIS+ environment to change a principal's password, it tries to update the principal's private (secret) key in the cred table.
If you have modify rights to the DES entry in the cred table and if the principal's login and Secure RPC passwords are the same, passwd will update the private key in the cred table.
If you do not have modify rights to the DES entry in the cred table or if the principal's login and Secure RPC passwords are not the same, the passwd command will change the password, but not change the private key.
If you do not have modify rights to the DES entry, it means that the private key in the cred table will have been formed with a password that is now different from the one stored in the passwd table. In this case, the user will have to change keys with the chkey command or run keylogin after each login.