Sujeevan Rasaratnam <sujeevan.rasaratnam@alcatel.com> writes: > Thanks for the reply. I have a simlar entry in my kdc.conf . You have two > entry for on principal, is there a reason? Yes, I have two certs. > Do I have to add some extentison in > X.500-name? Do I have to setup something with kadmin? You should check out kdc/kinit.c:pk_check_client() failes to match your name. Love