passwd fails when kerberos server points to an IPv6 host

As is clear from the bug reference given, this problem is in the krb5 libraries, not in libpam-krb5.

The following patch is in karmic. It will cause things to work if a
password server has both v4 and v6 addresses and you have v4
connectivity.

I think the 1.7 server has v6 support, but I don't think the 1.7
client even has v6 support.

However, backporting this patch might make the problem less annoying.
commit f6e102ee76028db91a7a973fee8313de352aa5ad
Author: raeburn <raeburn@dc483132-0cff-0310-8789-dd5450dbe970>
Date: Wed Nov 5 17:47:00 2008 +0000

    ticket: 5595

    Only look for IPv4 addresses for the kpasswd server. This is just a
    workaround for other parts of the code failing to cope with IPv6
    addresses, and won't work in an IPv6-only environment; the problem
    should still be fixed for real.

    git-svn-id: svn://anonsvn.mit.edu/svn/krb5/trunk@21004 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 5bd5b86..7811387 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -64,11 +64,12 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
     int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM);

     code = krb5int_locate_server (context, realm, addrlist,
- locate_service_kpasswd, sockType, 0);
+ locate_service_kpasswd, sockType, AF_INET);

     if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
  code = krb5int_locate_server (context, realm, addrlist,
- locate_service_kadmin, SOCK_STREAM, 0);
+ locate_service_kadmin, SOCK_STREAM,
+ AF_INET);
  if (!code) {
      /* Success with admin_server but now we need to change the
         port number to use DEFAULT_KPASSWD_PORT and the socktype. */

I can confirm that this patch has been applied to karmic, this look likes a good candidate for an SRU. Ill bring it up in the server team weekly meetings.

Regards
chuck