Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit X-RT-Original-Encoding: iso-8859-1 Content-Length: 1560 Hello, Recently I found wrong logic in krb5_locate_kpasswd() function (krb5/build/src/lib/krb5/os/changepw.c file). If we got success on first call for krb5int_locate_server(), then the following code will not be executed: if (!code) { /* Success with admin_server but now we need to change the port number to use DEFAULT_KPASSWD_PORT and the socktype. */ int i; for (i=0; inaddrs; i++) { struct addrinfo *a = addrlist->addrs[i].ai; if (a->ai_family == AF_INET) sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT); if (sockType != SOCK_STREAM) a->ai_socktype = sockType; } } As a result MS Kpasswd request will be wrongly sent to 88 port. Default port for kadmin/chpasswd is 464. The following patch will fix issue: ==== //xxxxx/krb5/build/src/lib/krb5/os/changepw.c#4 - /yyyyy/krb5/build/src/lib/krb5/os/changepw.c ==== @@ -70,6 +70,7 @@ code = krb5int_locate_server (context, realm, addrlist, locate_service_kadmin, SOCK_STREAM, AF_INET); + } if (!code) { /* Success with admin_server but now we need to change the port number to use DEFAULT_KPASSWD_PORT and the socktype. */ @@ -82,7 +83,7 @@ a->ai_socktype = sockType; } } - } + return (code); } Thanks, Roman