(sorry for the slow answer, an over-eager spam filter swallowed this msg).
In wireshark, the server name sent in the ticket is correct
(proxy.example.com) , encryption is rc4-hmac and knvo=5.
This is the same kvno as seen in klist -ekt /etc/krb5.keytab (with
des-cbc-crc, des-cbc-md5,
That should work. What do you see in Wireshark when you look at the traffic
to the proxy ? If you exand the Negotiate header you should see what is the
principal name and kvno. Both must match what is in your keytab ( check with
klist -ekt /etc/keytab)
Markus
Sean Boran s...@boran.com