Is there a way to reset keychain passwords from server.app?
We have a Lion server and a number of Macs that authenticate with the server through open directory. On occasion users have forgotten passwords, and so I've reset them from server.app. I've tried both getting them to enter their password on the server, or setting their password to "password" with reset at next login set, but both methods result in an issue whenever the user logs in where they're prompted to create a new keychain or use their old one (which is not possible because they have forgotten the password to unlock it). This is frustrating for me and users.
Am I doing something wrong, or is this how it is supposed to work? It'd be a real pity if the latter was true, and would go against the idea that "it just works" on the Mac.