[OpenAFS] aklog not detecting kerberos realm

Andrew Cobaugh phalenor@gmail.com
Sun, 30 Dec 2007 17:08:49 -0500


I'm having some issues with aklog not determining what Kerberos realm
to authenticate to. I have checked that krb5.conf has the correct
default_realm set, and the [domain_realm] mappings are set up the
same. I have verified that aklog works on another Linux machine
running openafs-1.4.5. The suspect configuration is on Solaris (though
I'm seeing this on another Linux machine as well).

Here is what I'm seeing when I issue aklog -d:

$ aklog -d
Authenticating to cell phalengard.com (server alioth).
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/phalengard.com@
Using Kerberos V5 ticket natively
About to resolve name phalenor@PHALENGARD.COM to id in cell phalengard.com.
Id 32766
doing first-time registration of phalenor@phalengard.com at phalengard.com
aklog: Permission denied so unable to create remote PTS user
phalenor@phalengard.com in cell phalengard.com (status: 267269).
Set username to phalenor@phalengard.com
Setting tokens. phalenor@phalengard.com /  @ PHALENGARD.COM

Now if I specify the realm with -k, this is what I get:

$ aklog -d -c phalengard.com -k PHALENGARD.COM
Authenticating to cell phalengard.com (server alioth).
We were told to authenticate to realm PHALENGARD.COM.
Getting tickets: afs/phalengard.com@PHALENGARD.COM
Using Kerberos V5 ticket natively
About to resolve name phalenor to id in cell phalengard.com.
Id 1012
Set username to AFS ID 1012
Setting tokens. AFS ID 1012 /  @ PHALENGARD.COM

That is the expected behavior, and I can't figure out what else I
should be checking. ThisCell is also populated with the correct cell
name.

Any idea what could be going on here? This is being done primarily
under Solaris 10 SPARC, with a recently built openafs-1.4.6.

-- 
Andy Cobaugh
phalenor@gmail.com
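
Added example (not part of the original post, and not OpenAFS code): a small Python check that parses the two `aklog -d` traces quoted above and flags where they differ: the empty realm in the requested service principal, the PTS lookup of a name carrying a realm suffix, and the attempted first-time registration. The function name `check` and the line patterns are assumptions based only on the output shown in the post.

```python
import re
# Sample input: the two `aklog -d` traces quoted in the post above.
TRACE_DEFAULT = """\
Authenticating to cell phalengard.com (server alioth).
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/phalengard.com@
Using Kerberos V5 ticket natively
About to resolve name phalenor@PHALENGARD.COM to id in cell phalengard.com.
Id 32766
doing first-time registration of phalenor@phalengard.com at phalengard.com
aklog: Permission denied so unable to create remote PTS user
phalenor@phalengard.com in cell phalengard.com (status: 267269).
Set username to phalenor@phalengard.com
Setting tokens. phalenor@phalengard.com /  @ PHALENGARD.COM
"""
TRACE_WITH_K = """\
Authenticating to cell phalengard.com (server alioth).
We were told to authenticate to realm PHALENGARD.COM.
Getting tickets: afs/phalengard.com@PHALENGARD.COM
Using Kerberos V5 ticket natively
About to resolve name phalenor to id in cell phalengard.com.
Id 1012
Set username to AFS ID 1012
Setting tokens. AFS ID 1012 /  @ PHALENGARD.COM
"""

def check(trace):
    """Parse one `aklog -d` trace; line formats are assumed from the traces above."""
    r = {"realm": None, "name": None, "afs_id": None, "pts_registration": False, "findings": []}
    for line in map(str.strip, trace.splitlines()):
        if m := re.match(r"Getting tickets: \S+?@(\S*)$", line):
            r["realm"] = m.group(1)  # "" when no realm was filled in
        elif m := re.match(r"About to resolve name (\S+) to id in cell", line):
            r["name"] = m.group(1)
        elif m := re.match(r"Id (\d+)$", line):
            r["afs_id"] = int(m.group(1))
        elif line.startswith("doing first-time registration of "):
            r["pts_registration"] = True
    if r["realm"] == "":
        r["findings"].append("service ticket requested with an empty realm")
    if r["name"] and "@" in r["name"]:
        r["findings"].append("PTS lookup used a name with an @REALM suffix")
    if r["pts_registration"]:
        r["findings"].append("aklog attempted first-time PTS registration")
    return r

if __name__ == "__main__":
    for label, trace in (("default", TRACE_DEFAULT), ("with -k", TRACE_WITH_K)):
        print(label, check(trace))
```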