when a session drops after a password change, the client tries to reconnect every couple of seconds, which causes the bad password counter to go up rapidly, and could lock the account.
I think this needs throttling, or possibly just unmount on bad password errors.
Well, we can't really unmount at that point -- mounting is controlled at a
different layer. Throttling is probably doable -- the reconnect behavior of
cifs.ko in general needs some work.