kpasswd fails on remote, succeeds on local

bogus bogus at erehwyna.ton
Sun Jun 25 20:24:17 EDT 2006

Greetings, gurus:

Assume the following:

  kadmind listening on tcp port 749
  kadmind listening on udp port 464
  krb5kdc listening on udp 88

  kdc.conf includes:
      BOGUS.COM = {
        kadmind_port = 749

  krb5.conf includes:
      BOGUS.COM = {
        admin_server =
        kpasswd_server =

Remote host =
  kdc.conf the same as above

I can successfully change a user's password from the console
of 'kdc', but not from the console of 'bitty'.  From 'bitty',
I execute:

% kpasswd
Password for <user>@BOGUS.COM: (good so far)
Enter new password: :
Enter it again: : (long wait)
kpasswd: Connection timed out changing password

The KDC is issuing a changepw ticket, as seen by the logs on
'kdc', but the transaction is never completed. I get the same
failure whether I attempt the password change as <user> or
<root/admin>. Firewalls are not the issue, and I get the same
results from all remote hosts.  The logs on 'kdc' show no
reason for the failure.

Any clues? 

More information about the Kerberos mailing list