In the TCP case there is an extra (redundant) lenght

field before the packet data, address the problem.

ipa-admintools/freeipa-admintools.spec

@@ -1,6 +1,6 @@
 Name:           freeipa-admintools
-Version:        0.3.0
-Release:        4%{?dist}
+Version:        0.4.0
+Release:        1%{?dist}
 Summary:        FreeIPA authentication server
 
 Group:          System Environment/Base

ipa-client/freeipa-client.spec

@@ -1,6 +1,6 @@
 Name:           freeipa-client
-Version:        0.2.0
-Release:        2%{?dist}
+Version:        0.3.0
+Release:        1%{?dist}
 Summary:        FreeIPA client
 
 Group:          System Environment/Base

ipa-python/freeipa-python.spec

@@ -1,6 +1,6 @@
 Name:           freeipa-python
-Version:        0.3.0
-Release:        4%{?dist}
+Version:        0.4.0
+Release:        1%{?dist}
 Summary:        FreeIPA authentication server
 
 Group:          System Environment/Base

ipa-server/freeipa-server.spec

@@ -1,5 +1,5 @@
 Name:           freeipa-server
-Version:        0.3.0
+Version:        0.4.0
 Release:        1%{?dist}
 Summary:        FreeIPA authentication server
 

ipa-server/ipa-kpasswd/ipa_kpasswd.c

@@ -842,7 +842,15 @@ pid_t handle_conn(int fd, int type)
 #endif
 
 	/* children */
-	handle_krb_packets(request, reqlen, &from, &reply, &replen);
+
+	/* TCP packets prepend the lenght as a 32bit network order field,
+	 * this information seem to be just redundant, so let's simply
+	 * skip it */
+        if (type == KPASSWD_TCP) {
+		handle_krb_packets(request+4, reqlen-4, &from, &reply, &replen);
+	} else {
+		handle_krb_packets(request, reqlen, &from, &reply, &replen);
+	}
 
 	if (replen) { /* we have something to reply */
 		if (type == KPASSWD_TCP) {