On Thu, 2014-07-31 at 09:06 -0400, Benjamin Kaduk wrote: > I can't say that I have direct experience with this issue on OS X, but > I > will note that on my FreeBSD machines (which also use a Heimdal > variant > for krb5, thougha different version than OS X), libkrb5 is pretty > insistent on using DNS queries to lookup which machine(s) are the KDC > for > the realm in question. In the case of my test cell of VMs on my > laptop, > there are no DNS entries for the names I have given them, so > operations > such as aklog just hang for several seconds and report failure. > > I would suggest monitoring what DNS queries are being made; it may > prove
One early thing to check: make sure you are actually using OS X's Kerberos. MacPorts or Homebrew may pull in Kerberos as a dependency and this can lead to getting tickets with one and then trying to aklog with the other, and they may be using different ccaches and sometimes different krb5.conf files. -- brandon s allbery kf8nh sine nomine associates [email protected] [email protected] unix openafs kerberos infrastructure xmonad http://sinenomine.net
