Subject: Kerberos 5 passwd/kpasswd & /etc/services?
To: None <,>
From: Hans-Christian Becker <>
List: tech-security
Date: 07/06/2000 16:12:35
  by with SMTP; 6 Jul 2000 14:22:22 -0000
	by (8.8.8/8.8.7) with ESMTP id QAA12540;
	Thu, 6 Jul 2000 16:22:07 +0200
Mime-Version: 1.0
Message-Id: <p04320400b58a43d13377@[]>
Date: Thu, 6 Jul 2000 16:12:35 +0200
From: Hans-Christian Becker <>
Subject: Kerberos 5 passwd/kpasswd & /etc/services?
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

(I posted this to current-users but got no replies)
Dear all,
Having sucessfully (I think) set up a Kerbereros 5 kdc (i386 running
the 20000620 snapshot), I can from my macppc (source from July 1)
* get tickets
* login with Kerberos authentication
The latter, however, gives me
login in free(): warning: chunk is already free.
login in free(): warning: chunk is already free.
login in free(): warning: chunk is already free.
Last login: Wed Jul  5 21:01:58 2000 on ttyE0
but lets me log in.
More frustrating is that I cannot change my password:

hcb@fkmac26$ passwd
hcb@PHC.CHALMERS.SE's Password:
New password:
Verifying password - New password:
passwd: kpasswd/udp unknown service, using default port 464
passwd: krb5_change_password: Bad file descriptor

I looked through /etc/services and compared with what the heimdal
distribution says, and indeed port 464 is undefined in
/etc/services. Heimdal says
kpasswd         464/udp                         # password changing
kpasswd         464/tdp                         # password changing

If I add the lines above to /etc/services, only
passwd: krb5_change_password: Bad file descriptor

Further, looking through /etc/rc.d/kerberos and /etc/inetd.conf, I find
references to programs non-existent on my machines:
* /usr/sbin/kerberos
* /usr/libexec/registerd

I admit being relatively clueless as to setting up Kerberos, so any
hints, tips and explanations are warmly welcome.

Best regards,
Dr. Hans-Christian Becker (
Department of Physical Chemistry
Chalmers University of Technology, Sweden