krb5_change_password() fails

Arpit Srivastava arpit.orb at
Tue Jun 4 11:48:43 EDT 2013


While debugging, I found that it is prof_locate_server() called inside
k5_locate_server() called by locate_kpasswd() in changepw.c which is
It returns KRB5_REALM_UNKNOWN (which corresponds to Cannot find KDC for
requested realm).
As far I know the way I am calling krb5_change_password is alright. Then,
what could be the reason for this failure ?


On Mon, Jun 3, 2013 at 9:59 PM, Greg Hudson <ghudson at> wrote:

> On 06/03/2013 06:25 AM, Arpit Srivastava wrote:
> > 1. However, the api call fails and I am getting this error code
> 1117618064
> > in field *([out]* *result_code* - Numeric error code from server). How to
> > decipher this error code ?
> The result code is only meaningful if krb5_change_password returns 0.
> 1117618064 is probably stack garbage which was in the variable before
> you passed it in.  Actual result codes in the range 0-7 inclusive.
> The way your code should interpret the results is:
> * If krb5_change_password returns non-zero, then the change-password
> exchange didn't work at all and you don't have a response from the
> server.  Use krb5_get_error_message to interpret the return code.
> * If krb5_change_password returns zero, then a successful request and
> response occurred.  If result_code is 0, then the password was
> successfully changed.  Otherwise, you can compare the result code
> against constants like KRB5_KPASSWD_MALFORMED, or use result_code_string
> as a text form of the server's error message.
> > 2. Are result strings returned by this api UTF8 encoded (as mentioned in
> > RFC) ? Because I am using JNI method NewStringUTF() and getting error of
> > strings are not being valid UTF8.
> Since krb5_change_password did not return 0, result_string has not been
> filled in.

More information about the krbdev mailing list