Message-Id: <45AF6EAE.5030407@mit.edu>
Date: Thu, 18 Jan 2007 07:57:18 -0500
From: Jeffrey Altman
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #5393] krb5-1.6: tcp kpasswd service required if only admin_server is specified in krb5.conf

Public Submitter via RT wrote:
>> This parameter is not used when searching the krb5.conf file.
>
> Well, it is used. Here is the line how it is called:
>
> changepw.c:krb5_locate_kpasswd
> => locate_kdc.c:krb5int_locate_server(..., socktype stream, ...)
> => locate_kdc.c:prof_locate_server(..., socktype stream, ...)
> => locate_kdc.c:krb5_locate_srv_conf_1(..., socktype stream, ...)
> => locate_kdc.c:[krb5int_]add_host_to_list(..., socktype stream, ...)
> {
> hint.ai_socktype = socktype;
> }
>
> I can say: When I specify only kdc and admin_server in krb5.conf (no
> DNS) this code tries to open a tcp connection to kpasswd service port
> 464. But kadmind does not open such a port. It has only a udp port
> open.

I suspect that the patch that you are looking for is this. Please confirm
that it addresses your issue and I will commit it.

Index: changepw.c =================================================================== --- changepw.c (revision 19063) +++ changepw.c (working copy) @@ -70,12 +70,14 @@ locate_service_kadmin, SOCK_STREAM, 0); if (!code) { /* Success with admin_server but now we need to change the - port number to use DEFAULT_KPASSWD_PORT. */ + port number to use DEFAULT_KPASSWD_PORT and the socktype. */ int i; for (i=0; inaddrs; i++) { struct addrinfo *a = addrlist->addrs[i].ai; if (a->ai_family == AF_INET) sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT); + if (sockType != SOCK_STREAM) + a->ai_socktype == sockType; } } }
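Review bot: The second added line in the loop body, `a->ai_socktype == sockType;`, is a comparison whose result is discarded, not an assignment, so every entry keeps the SOCK_STREAM socktype passed to the locate call in the context line above and the change has no effect on the TCP-only behaviour reported in the ticket. It should read `a->ai_socktype = sockType;`. Compiling with warnings enabled (for example GCC's -Wall, which reports a statement with no effect) would flag this line. It is also worth confirming before commit that the new `if (sockType != SOCK_STREAM)` is meant to apply to every address in the list, while the port rewrite directly above it stays limited to `AF_INET` entries.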