The RFC 3244 project adds support for the Microsoft set password protocol server to MIT Kerberos. In addition, it adds support for both that protocol and the traditional kpasswd protocol over TCP. This protocol is added for better compatibility with Microsoft Windows.
No new public APIs are exposed; MIT Kerberos already contains an API for the client side of this protocol.
The only non-obvious change introduced by the implementation is
kadmin/server/network.c modeled on
src/kdc/network.c (raw | annotated | history). The existing kadmin server does not support TCP; it needs an event loop similar to the KDC in order to support TCP.