changePassword has inconsistent exceptions?

[jootuom]

I'm using the changePassword function from this library and I came across an inconsistency in the exceptions it throws.

If you do this:

try:
    result = kerberos.changePassword(
        uname, oldpw, newpw
    )
    return {"success": result}
except kerberos.PwdChangeError as e:
    print(len(e.args))
    print(e.args)
    return {
        "error": str(e),
        "description": e.args[0],
        "value": e.args[-1] # my quick hack fix
    }

In every other case the exception will contain 2 arguments, except when the password change fails for policy reasons (complexity).

Example prints:

2
('Preauthentication failed', -1765328360)
1
(('Password change rejected: ', 4),)

Apparently Microsoft's Active Directory KDC also doesn't provide a descriptive error text which should be included after the ": " so it's left blank. This puzzled me for a while also.

Tested against Active Directory KDC.

[jootuom]

I don't do C (nor CPython specifically), but is the problem this, "(s:i)" instead of "((s:i))"?

EDIT: is the logic in the change_user_krb5pwd function flawed? krb5_change_password should return non-zero when the change fails, in which case we go into the if (code) block and will never hit if (result_code) where the descriptive error is constructed which is the reason it's missing?

Microsoft's RFC (ctrl+f "result string") says that the descriptive error is not mandatory so I figured they don't include one in their responses. But maybe after all this library just doesn't construct and return it?