[krbdev.mit.edu #5595] Problems with kpasswd and an IPv6 enviroment
Public Submitter via RT
rt-comment at krbdev.mit.edu
Sun Oct 7 02:30:32 EDT 2007
[guest - Tue Jul 17 08:16:06 2007]:
> Found in krb5-1.6.2 on linux:
>
> I found a problem with kpasswd command and IPv6.
> I am working in an enviroment where the nameserver also has IPv6
> addresses for my host.
>
> When I start kadmind which listen only to the IPv4 address.
> When I now try to change the password using kpasswd, it first try to
> connect to the IPv6 address and got a ICMPv6 messages "Port
> unreachable". After this kpasswd tries the IPv4 address and the
> kpasswd server retuned with:
>
> Server error: Failed decrypting request
>
> I added a little bit more debugging code and found, that it failed in:
> src/lib/krb5/krb/rd_priv.c krb5_rd_priv line 249
> with KRB5KRB_AP_ERR_BADORDER
I can confirm I am seeing the same thing here - I ended up removing the
AAAA record from the KDC before kpasswd started working correctly again.
-Peter (Peter_Losher at isc.org)
More information about the krb5-bugs
mailing list