Public Submitter via RT wrote: >> This parameter is not used when searching the krb5.conf file. > > Well, it is used. Here is the line how it is called: > > changepw.c:krb5_locate_kpasswd > => locate_kdc.c:krb5int_locate_server(..., socktype stream, ...) > => locate_kdc.c:prof_locate_server(..., socktype stream, ...) > => locate_kdc.c:krb5_locate_srv_conf_1(..., socktype stream, ...) > => locate_kdc.c:[krb5int_]add_host_to_list(..., socktype > stream, ...) > { > hint.ai_socktype = socktype; > } > > I can say: When I specify only kdc and admin_server in krb5.conf (no > DNS) this code tries to open a tcp connection to kpasswd service port > 464. But kadmind does not open such a port. It has only a udp port > open. I suspect that patch that you are looking for is this. Please confirm that it addresses your issue and I will commit it. Index: changepw.c =================================================================== --- changepw.c (revision 19063) +++ changepw.c (working copy) @@ -70,12 +70,14 @@ locate_service_kadmin, SOCK_STREAM, 0); if (!code) { /* Success with admin_server but now we need to change the - port number to use DEFAULT_KPASSWD_PORT. */ + port number to use DEFAULT_KPASSWD_PORT and the socktype. */ int i; for (i=0; inaddrs; i++) { struct addrinfo *a = addrlist->addrs[i].ai; if (a->ai_family == AF_INET) sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT); + if (sockType != SOCK_STREAM) + a->ai_socktype == sockType; } } }