TCP / DNS lookup Support for KPASSWD

[todd stecher]

Hey all:

Been a long time since I spoke with you guys, hope all is well.  

A client running Samba to integrate into a Windows realm is using 1.4.1
of the MIT distribution. 

In their testing with a principal who is a member of a large number of
groups (large PAC), the KPASSWD client is trying UDP 2 times, and
failing with KRB5KRB_ERR_RESPONSE_TOO_BIG.  However, it is never trying
TCP - my reading of the code in changepw.c indicates that even when a
DNS SRV record for _kpasswd exists, TCP will never try to connect.

Note that krb5.conf doesn't have any static kpasswd information
registered in it.  

I'm considering "fixing" this for them in code after I verify my
findings in a debugger - is this something which is already enabled in
some beta somewhere?

Tx,
Todd