[OpenAFS] Re: aklog carps Couldn't determine realm of user

[Benjamin Kaduk]

On Thu, Dec 22, 2016 at 07:50:02PM +0000, Ted Creedon wrote:
> Yes it should but it doesn't. See the conundrum in kadmin->get krbgtkt ?
> I.e how can Principal: krbtgt/CREEDON.BIZ@CREEDON.BIZ have a ticket if it was never loggged in?

It doesn't have a ticket; admin@CREEDON.BIZ has a ticket.
The ticket that admin@CREEDON.BIZ has is a ticket-granting ticket, i.e., the service
principal it is for is krbtgt/CREEDON.BIZ@CREEDON.BIZ.

-Ben