1 Fall back to TCP on kdc-unresolvable/unreachable errors. We still have
2 to wait for UDP to fail, so this might not be ideal. RT #5868.
4 --- krb5/src/lib/krb5/os/changepw.c
5 +++ krb5/src/lib/krb5/os/changepw.c
6 @@ -270,10 +270,22 @@ change_set_password(krb5_context context
7 &callback_info, &chpw_rep, ss2sa(&remote_addr),
8 &addrlen, NULL, NULL, NULL);
11 - * Here we may want to switch to TCP on some errors.
14 + /* if we're not using a stream socket, and it's an error which
15 + * might reasonably be specific to a datagram "connection", try
16 + * again with a stream socket */
19 + case KRB5_KDC_UNREACH:
20 + case KRB5_REALM_CANT_RESOLVE:
21 + case KRB5KRB_ERR_RESPONSE_TOO_BIG:
22 + /* should we do this for more result codes than these? */
23 + k5_free_serverlist (&sl);