May 24, 2009


Mental note to self

Having a host listed in a listprincs output isn’t enough to have single-sign-on working.

You have to explicitly add it with ktadd host/

So in my case:

# kadmin.local
kadmin.local:  addprinc -randkey host/
kadmin.local:  quit

And then you can do a (on

% kinit
Password for miekg@ATOOM.NET: 
% slogin

And have a password-less login to my server.
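
A quick way to check for the gap described above, a host principal that shows up in listprincs but has no key in the machine's keytab (which is what ktadd writes). This is an added example, not part of the original post; the function names, the hostnames, the EXAMPLE.NET realm and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `kadmin.local -q listprincs` output (KDC database).
SAMPLE_LISTPRINCS='K/M@EXAMPLE.NET
kadmin/admin@EXAMPLE.NET
host/server.example.net@EXAMPLE.NET
host/laptop.example.net@EXAMPLE.NET
user@EXAMPLE.NET'

# Constructed sample of `klist -k` output (one line per key, so names repeat).
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/laptop.example.net@EXAMPLE.NET
   3 host/laptop.example.net@EXAMPLE.NET'

# Read `klist -k` output on stdin, print the unique principal names.
# Entry lines start with a numeric KVNO; header lines do not.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 2 { print $2 }' | sort -u
}

# Succeed if any stdin line starts with the literal string $1.
has_prefix() {
    awk -v p="$1" 'index($0, p) == 1 { found = 1 } END { exit !found }'
}

# host_sso_state FQDN LISTPRINCS_OUTPUT KLIST_OUTPUT
# Prints: no-principal   the KDC has no host/FQDN principal
#         no-keytab-key  principal exists, but the keytab holds no key for it
#         ok             principal exists and the keytab has a key
host_sso_state() {
    want="host/$1@"   # trailing @ stops host/a.b matching host/a.bc
    if ! printf '%s\n' "$2" | has_prefix "$want"; then
        echo no-principal
    elif ! printf '%s\n' "$3" | keytab_principals | has_prefix "$want"; then
        echo no-keytab-key
    else
        echo ok
    fi
}

# Demo on the constructed samples. On a real server the inputs would be
# "$(kadmin.local -q listprincs)" on the KDC and "$(klist -k)" on the host.
host_sso_state server.example.net "$SAMPLE_LISTPRINCS" "$SAMPLE_KLIST"
```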