kpasswd not working

[Wolfgang Friebel <friebel@ifh.de>]

Hi,

I am running a test environment with a Heimdal 0.4e kdc.

When trying to change the password with /usr/heimdal/bin/kpasswd
then I get always:

Reply from server: client: wrong len in reply

when trying to debug I really see two different lengths: 93 and 32347
at the failing test.

I tried with a kdc on Solaris 2.6 using Berkeley DB and on Solaris 2.8
and dbm as the underlying database. I tried to issue the command both
on the local machine(s) and from a remote linux box with the same negative
result.
When I am using the MIT Kerberos 5 client (version 1.2.5)
/usr/kerberos/bin/kpasswd
the password successfully gets changed.

On the contrary when doing kinit with principals, where only the
des-cbc-crc:afs3 salted keys exist, MIT Kerberos kinit does not work while
the heimdal version does, as I reported in an earlier mail.

To me it seems running with a mix of MIT and Heimdal would do the job,
which is of course not desired at all.

I tried many variations of krb5.conf without success. In one of the
kdc.log files I do find the messages No PA-ENC-TIMESTAMP while in the
other (Solaris 2.6) file I do not see that message.

What is wrong with my setup? I tried to follow both the Heimdal
installation doc and the various hints found on the web.

My krb5.conf/kdc.conf:
[libdefaults]
 ticket_lifetime = 90000
 default_realm = MY.REALM
 renew_lifetime = 1209600
 default_etypes = des3-hmac-sha1 des-cbc-md5 des-cbc-crc
 default_etypes_des = des3-hmac-sha1 des-cbc-md5 des-cbc-crc
 krb4_get_tickets = true
 require-preauth = no
[realms]
 my.realm = {
  kdc = kdc.my.realm
  admin_server = kdc.my.realm
  krb4_get_tickets = true
  v4_name_convert = {
    host = {
             rcmd = host
    }
  }
  v4_instance_convert = {
    ftp = ftp.my.realm
  }
  default_domain = my.realm
 }
[kdc]
 require-preauth = no
 enable-kerberos4 = true
 v4-realm = MY.REALM
 enable-kaserver = true
[kadmin]
 default_keys = des3:pw-salt des:pw-salt: des:afs3-salt:my.realm