Skip Menu |

Subject: Add TCP change/set password support
The lack of TCP change and set password support is preventing users in too many groups from
changing passwords.
From: Ken Raeburn <raeburn@MIT.EDU>
Subject: [ #3735] Fwd: MIT kpasswd RFC 3244 and TCP
Date: Fri, 9 Jun 2006 20:43:08 -0400
To: MIT Kerberos RT <>
Download (untitled) / with headers
text/plain 1.3KiB

Begin forwarded message:

Show quoted text
> From: Alexandra Ellwood <lxs@MIT.EDU>
> Date: May 8, 2006 16:05:41 EDT
> To: Ken Raeburn <>
> Subject: Fwd: MIT kpasswd RFC 3244 and TCP
> X-Spam-Score: -3.783
> Here are patches!
> <>
> "Add TCP change/set password support"
> Begin forwarded message:
>> From: todd stecher <>
>> Date: March 27, 2006 4:12:50 PM EST
>> To: Sam Hartman <>
>> Cc:,
>> Subject: Re: MIT kpasswd RFC 3244 and TCP
>> X-Spam-Score: -2.598
>> X-Spam-Flag: NO
>> On Sat, 2006-03-25 at 09:29 -0500, Sam Hartman wrote:
>>> MIT would be very interested in your patch.
>> Sure - it turns out we didn't need the functionality after all, so I
>> wouldn't be surprised if there is a bug or 2 in the patch, e.g. it
>> has
>> had some testing, but not what I would consider "production quality"
>> testing.
>> Some colleagues at Centrified were giving it a whirl last week,
>> but due
>> to schedule constraints, I don't expect results from them any time
>> soon.
>> Attached is the patch - its against 1.4.1, in cvs diff format.
>> Thanks!
>> Todd
>> --
>> Todd Stecher
>> Isilon Systems
>> 220 W. Mercer St. | Seattle, WA 98119
>> Join the Revolution... |
Download 18395.diff
text/x-patch 37.5KiB

Message body is not shown because sender requested not to inline it.

Show quoted text
> --lxs
> Alexandra Ellwood <>
> MIT Kerberos Development Team
> <>
These tickets (2547, 3735) probably shouldn't have been merged; one is
about the server support, and one about the client support, and it's not
clear that they're necessarily of the same priority.

The client-side support patch was merged into the trunk in rev 18518.
Download (untitled) / with headers
text/plain 2.1KiB
From: raeburn@MIT.EDU
Subject: svn rev #18518: trunk/src/ include/ lib/krb4/ lib/krb5/krb/
Date: Wed, 23 Aug 2006 18:56:29 -0400 (EDT)
Reply-To: krbdev@MIT.EDU

Commit By: raeburn
Log Message:
Merge Todd's TCP changepw support, with a few fixups.

* include/cm.h (state_strings, enum conn_states, struct
struct conn_state): Moved here from lib/krb5/os/sendto_kdc.c.
(stuct sendto_callback_info): New type.
* lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function.
(setup_connection): Deleted argument message_len_buf. Don't store message
length; call set_conn_state_msg_length instead.
(start_connection): New arguments callback_info and callback_buffer. Invoke
callback function if any, and set message length on success.
(maybe_send): New arguments callback_info and callback_buffer; pass them to
(krb5int_sendto): New arguments callback_info, remoteaddr,
remoteaddrlen. If
callback info is provided, allocate per-connection buffers, and pass them to
maybe_send. On cleanup, invoke the cleanup callback function if any.
(krb5_sendto_kdc): Update krb5int_sendto call.
* include/k5-int.h (struct sendto_callback_info): Add forward declaration.
(krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new
* lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call.
* lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp call.

* lib/krb5/os/changepw.c (struct sendto_callback_context): New type.
(krb5_locate_kpasswd): New argument useTcp, used to select socket type in
krb5int_locate_server call.
(kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions.
(krb5_change_set_password): Call krb5int_sendto with callbacks, instead of
managing the exchange here. On RESPONSE_TOO_BIG error, try again with TCP

* lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a
buggy server sent a KRB_ERROR.

Changed Files:
U trunk/src/include/cm.h
U trunk/src/include/k5-int.h
U trunk/src/lib/krb4/send_to_kdc.c
U trunk/src/lib/krb5/krb/chpw.c
U trunk/src/lib/krb5/os/changepw.c
U trunk/src/lib/krb5/os/send524.c
U trunk/src/lib/krb5/os/sendto_kdc.c