OK,
That particular candidate seems like a very unusual end corner case, where
someone cloned an existing VM, renamed it, re-IP'd and (incorrectly)
re-joined it to AD.
I say "incorrectly", because they did not clear the existing
/etc/krb5.keytab file prior to the re-join. Hence, the old bogus
On 9/2/21 12:49 AM, Sumit Bose wrote:
The reason is that 'kinit -k' constructs the principal by calling
gethostname() or similar, adding the 'host/' prefix and the realm. But
by default this principal in AD is only a service principal and cannot
be used to request a TGT as kinit does. AD only