krb5_change_password() fails
Greg Hudson
ghudson at MIT.EDU
Tue Jun 4 13:07:00 EDT 2013
On 06/04/2013 11:48 AM, Arpit Srivastava wrote:
> While debugging, I found that it is prof_locate_server() called inside
> k5_locate_server() called by locate_kpasswd() in changepw.c which is
> failing.
> It returns KRB5_REALM_UNKNOWN (which corresponds to Cannot find KDC for
> requested realm).
Are you sure this is what is actually causing the overall
krb5_change_password call to fail? Is krb5_change_password returning
KRB5_REALM_UNKNOWN or some other code?
The code for locating the kpasswd server has a number of fallbacks;
roughly speaking:
* locate_kpasswd looks up locate_service_kpasswd
- k5_locate_server looks for "kpasswd_server" in the profile
- k5_locate_server looks for a _kpasswd SRV record in DNS
* locate_kpasswd looks up locate_service_kadmin
- k5_locate_server looks for "admin_server" in the profile
- k5_locate_server looks for a _kerberos-adm SRV record in DNS
So observing a failure from prof_locate_server() in the debugger is
pretty normal.
More information about the krbdev
mailing list