krb5_change_password() fails

Greg Hudson ghudson at MIT.EDU
Mon Jun 3 12:29:12 EDT 2013

On 06/03/2013 06:25 AM, Arpit Srivastava wrote:
> 1. However, the api call fails and I am getting this error code 1117618064
> in field *([out]* *result_code* - Numeric error code from server). How to
> decipher this error code ?

The result code is only meaningful if krb5_change_password returns 0.
1117618064 is probably stack garbage which was in the variable before
you passed it in.  Actual result codes in the range 0-7 inclusive.

The way your code should interpret the results is:

* If krb5_change_password returns non-zero, then the change-password
exchange didn't work at all and you don't have a response from the
server.  Use krb5_get_error_message to interpret the return code.

* If krb5_change_password returns zero, then a successful request and
response occurred.  If result_code is 0, then the password was
successfully changed.  Otherwise, you can compare the result code
against constants like KRB5_KPASSWD_MALFORMED, or use result_code_string
as a text form of the server's error message.

> 2. Are result strings returned by this api UTF8 encoded (as mentioned in
> RFC) ? Because I am using JNI method NewStringUTF() and getting error of
> strings are not being valid UTF8.

Since krb5_change_password did not return 0, result_string has not been
filled in.

More information about the krbdev mailing list