krb5_set_password from 1.10alpha1 fails with 1.6 server

Russ Allbery rra at stanford.edu
Thu Dec 22 01:31:14 EST 2011


Is it expected that the krb5_set_password call from a 1.10-alpha1 client
library would fail when going against a 1.6.4-beta1 kadmind?  (The former
being the current Debian unstable version, and the latter being the
version released with lenny.)  The result is the error:

Wrong protocol version: Request contained unknown protocol version number 65408

I was pretty sure that this used to work with an older client library,
although I could be wrong, since I normally test against a Heimdal KDC.
Changing the API to krb5_change_password causes it to work.

If this is expected, since this is a new protocol, does that mean that a
Kerberos PAM module should really be using the krb5_change_password API,
not the krb5_set_password API, for maximum KDC compatibility?

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
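
As an added example (not part of the original message and not MIT krb5 code), the C below parses the six-byte header of a password-change request as laid out in RFC 3244. It shows that the 65408 in the error is 0xFF80, the version number that RFC assigns to the set-password protocol, while the older change-password protocol uses version 1. The struct, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KPASSWD_VERS_CHANGEPW 0x0001u /* original change-password protocol */
#define KPASSWD_VERS_SETPW    0xFF80u /* RFC 3244 set/change password */

/* Hypothetical holder for the three big-endian 16-bit header fields. */
struct kpasswd_hdr {
    uint16_t msg_len;    /* total message length, header included */
    uint16_t version;    /* protocol version number */
    uint16_t ap_req_len; /* length of the AP-REQ that follows */
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Returns 0 on success, -1 if the buffer is truncated or lengths disagree. */
int kpasswd_parse_hdr(const uint8_t *buf, size_t len, struct kpasswd_hdr *out)
{
    if (buf == NULL || out == NULL || len < 6)
        return -1;
    out->msg_len = be16(buf);
    out->version = be16(buf + 2);
    out->ap_req_len = be16(buf + 4);
    if (out->msg_len != len)                /* length field must match datagram */
        return -1;
    if ((size_t)out->ap_req_len > len - 6)  /* AP-REQ must fit in the message */
        return -1;
    return 0;
}

const char *kpasswd_version_name(uint16_t v)
{
    switch (v) {
    case KPASSWD_VERS_CHANGEPW: return "change-password (version 1)";
    case KPASSWD_VERS_SETPW:    return "RFC 3244 set-password (0xFF80)";
    default:                    return "unknown";
    }
}

/* Constructed sample: header plus 4 placeholder bytes standing in for the AP-REQ. */
static const uint8_t sample_setpw[] = {0x00, 0x0A, 0xFF, 0x80, 0x00, 0x04, 0, 0, 0, 0};

int main(void)
{
    struct kpasswd_hdr h;
    if (kpasswd_parse_hdr(sample_setpw, sizeof sample_setpw, &h) != 0)
        return 1;
    printf("version %u: %s\n", (unsigned)h.version, kpasswd_version_name(h.version));
    return 0;
}
```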

