https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280407
Oliver Kiddle <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #7 from Oliver Kiddle <[email protected]> --- I'm hitting this same problem. Adding allow_kdc_spoof does allow it to work but how does one go about "ensuring that the endpoint has a keytab with the KDC's key in it"? If I run `ktutil -k /etc/krb5.keytab list` it lists three keys for the client where the principal is host/fqdn@REALM. What key is needed - I don't want to be putting something that's meant to be a private key on all my clients? The KDC doesn't have an `/etc/krb5.keytab` but there was a master key setup in `/var/heimdal/m-key`. And while that option may fix pam_krb5, I'm also failing to get Kerberos working with NFS. -- You are receiving this mail because: You are the assignee for the bug.
