TCP / DNS lookup Support for KPASSWD

todd stecher tstecher at
Wed Feb 1 18:20:56 EST 2006

Hey all:

Been a long time since I spoke with you guys, hope all is well.  

A client running Samba to integrate into a Windows realm is using 1.4.1
of the MIT distribution. 

In their testing with a principal who is a member of a large number of
groups (large PAC), the KPASSWD client is trying UDP 2 times, and
failing with KRB5KRB_ERR_RESPONSE_TOO_BIG.  However, it is never trying
TCP - my reading of the code in changepw.c indicates that even when a
DNS SRV record for _kpasswd exists, TCP will never try to connect.

Note that krb5.conf doesn't have any static kpasswd information
registered in it.  

I'm considering "fixing" this for them in code after I verify my
findings in a debugger - is this something which is already enabled in
some beta somewhere?


More information about the krbdev mailing list