/etc/services defines the kpasswd port to be 761. The kerberos source code has it as: krb5-1.2.1/src/include/krb5/stock/osconf.h:#define DEFAULT_KPASSWD_PORT 464 If you don't have kpasswd_server specified in /etc/krb5.conf (the default install doesn't), the kerberos code then uses the hard-coded value rather than the value specified in /etc/services. See changepw.c:krb5_locate_kpasswd().
/etc/services also specifies the kpasswd port as tcp: kpasswd 761/tcp kpwd # Kerberos "passwd" It should be udp: see krb5-1.2.1/src/lib/krb5/os/locate_kdc.c:krb5_locate_srv_conf()
kadmind will listen for password changes on the hard-coded 464 port unless your kdc.conf contains the undocumented 'kpasswd_port' entry.
The entry in /etc/services corresponds to a never-officially-allocated port number. This is messy. Reassigning to the "setup" component, which includes the /etc/services file. I'm going to have to go through it looking for other port-number squatting.
This is already fixed in rawhide.
Fixed in the current release, via general cleanups in /etc/services, and a patch David Wragg sent to krbdev.