I just tried upgrading again, and I still can't kinit, although the error has changed:
$ kinit someu...@realm.com's Password: kinit: krb5_get_init_creds: Client have no reply key I'm not sure what to make of that, I find one reference mapping that text to KRB5KDC_ERR_CLIENT_NOTYET: "Client not yet valid - try again later," but I don't see anything in the kadmin output for the principals in question that indicates it wouldn't be valid yet. Changing the principal's password has no effect. kadmin> get -l someuser Principal: someu...@realm.com Principal expires: never Password expires: never Last password change: 2011-02-05 01:36:57 UTC Max ticket life: 2 days Max renewable life: 1 week Kvno: 37 Mkvno: 0 Last successful login: never Last failed login: never Failed login count: 0 Last modified: 2011-02-05 01:36:57 UTC Modifier: kadmin/ad...@realm.com Attributes: Keytypes: aes256-cts-hmac-sha1-96(pw-salt), arcfour-hmac-md5(pw-salt), des3-cbc-sha1(pw-salt), des-cbc-md5(afs3-salt(snurgle.org)), des-cbc-md4(afs3-salt(snurgle.org)), des-cbc-crc(afs3-salt(snurgle.org)) PK-INIT ACL: Aliases: Could this be a client configuration mishap of some sort? -- ..ooOO ch...@chiappa.net | My opinions are my own OOoo.. ..ooOO chris.chia...@oracle.com | and certainly not those OOoo.. ..ooOO http://www.chiappa.net/~chris/ | of my employer OOoo.. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org