krb5_set_password from 1.10alpha1 fails with 1.6 server
Russ Allbery
rra at stanford.edu
Thu Dec 22 01:31:14 EST 2011
Is it expected that the krb5_set_password call from a 1.10-alpha1 client
library would fail when going against a 1.6.4-beta1 kadmind? (The former
being the current Debian unstable version, and the latter being the
version released with lenny.) The result is the error:
Wrong protocol version: Request contained unknown protocol version number 65408
I was pretty sure that this used to work with an older client library,
although I could be wrong, since I normally test against a Heimdal KDC.
Changing the API to krb5_change_password causes it to work.
If this is expected, since this is a new protocol, does that mean that a
Kerberos PAM module should really be using the krb5_change_password API,
not the krb5_set_password API, for maximum KDC compatibility?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list