tech-security: Kerberos 5 passwd/kpasswd & /etc/services?

Subject: Kerberos 5 passwd/kpasswd & /etc/services?
To: None <tech-crypto@netbsd.org, tech-security@netbsd.org>
From: Hans-Christian Becker <hcb@phc.chalmers.se>
List: tech-security
Date: 07/06/2000 16:12:35

  by mail.netbsd.org with SMTP; 6 Jul 2000 14:22:22 -0000
	by idun.phc.chalmers.se (8.8.8/8.8.7) with ESMTP id QAA12540;
	Thu, 6 Jul 2000 16:22:07 +0200
Mime-Version: 1.0
Message-Id: <p04320400b58a43d13377@[129.16.97.50]>
Date: Thu, 6 Jul 2000 16:12:35 +0200
To: tech-crypto@netbsd.org, tech-security@netbsd.org
From: Hans-Christian Becker <hcb@phc.chalmers.se>
Subject: Kerberos 5 passwd/kpasswd & /etc/services?
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

(I posted this to current-users but got no replies)
Dear all,
Having sucessfully (I think) set up a Kerbereros 5 kdc (i386 running
the 20000620 snapshot), I can from my macppc (source from July 1)
* get tickets
* login with Kerberos authentication
The latter, however, gives me
login in free(): warning: chunk is already free.
login in free(): warning: chunk is already free.
login in free(): warning: chunk is already free.
Last login: Wed Jul  5 21:01:58 2000 on ttyE0
but lets me log in.
More frustrating is that I cannot change my password:

hcb@fkmac26$ passwd
hcb@PHC.CHALMERS.SE's Password:
New password:
Verifying password - New password:
passwd: kpasswd/udp unknown service, using default port 464
passwd: krb5_change_password: Bad file descriptor
hcb@fkmac26$

I looked through /etc/services and compared with what the heimdal
distribution says, and indeed port 464 is undefined in
/etc/services. Heimdal says
kpasswd         464/udp                         # password changing
kpasswd         464/tdp                         # password changing

If I add the lines above to /etc/services, only
passwd: krb5_change_password: Bad file descriptor
remains.

Further, looking through /etc/rc.d/kerberos and /etc/inetd.conf, I find
references to programs non-existent on my machines:
* /usr/sbin/kerberos
* /usr/libexec/registerd

I admit being relatively clueless as to setting up Kerberos, so any
hints, tips and explanations are warmly welcome.

Best regards,
Hans-Christian
-- 
Dr. Hans-Christian Becker (hcb@phc.chalmers.se)
Department of Physical Chemistry
Chalmers University of Technology, Sweden