system call interrupt and krb5_change_password

Greg Hudson ghudson at MIT.EDU
Mon Aug 5 11:17:49 EDT 2013

On 08/05/2013 02:43 AM, Arpit Srivastava wrote:
> However, when password change is rejected because of AD policy: I am
> getting error msg " Interrupted system call " instead of "Password change
> rejected" in result_string field.

The kpasswd protocol error code for "Password change rejected" is 4.  If
this were somehow misinterpreted as a com_err code, you would get the
string "Interrupted system call" because EINTR is also 4 on most
Unix-like systems.

I'm not aware of any current or historical bug in our library which
would misinterpret the protocol code that way, but it's possible there
was one.  What version of libkrb5 are you using?

result_string is supposed to come from the password change server (in
the e-data field of the KRB-ERROR message, after the result code).  So
it's conceivable that this misinterpretation originates on the server,
but that seems like a stretch if the server is an Active Directory
domain controller as you imply.

More information about the krbdev mailing list