[krbdev.mit.edu #5595] Problems with kpasswd and an IPv6 enviroment

Public Submitter via RT rt-comment at krbdev.mit.edu
Sun Oct 7 02:30:32 EDT 2007


[guest - Tue Jul 17 08:16:06 2007]:

> Found in krb5-1.6.2 on linux:
> 
> I found a problem with kpasswd command and IPv6. 
> I am working in an enviroment where the nameserver also has IPv6 
> addresses for my host.
> 
> When I start kadmind which listen only to the IPv4 address.
> When I now try to change the password using kpasswd, it first try to 
> connect to the IPv6 address and got a ICMPv6 messages "Port 
> unreachable". After this kpasswd tries the IPv4 address and the 
> kpasswd server retuned with:
> 
>  Server error: Failed decrypting request
> 
> I added a little bit more debugging code and found, that it failed in:
> src/lib/krb5/krb/rd_priv.c krb5_rd_priv line 249
> with KRB5KRB_AP_ERR_BADORDER

I can confirm I am seeing the same thing here - I ended up removing the
AAAA record from the KDC before kpasswd started working correctly again.

-Peter (Peter_Losher at isc.org)




More information about the krb5-bugs mailing list