On Tue, 12 Apr 2011, Alain Péan wrote: > Sorrry, little error with the output of klit -ke, because I am testing > on a test AD domain at this moment. On the first machine, output is : > # klist -ke > Keytab name: FILE:/etc/krb5.keytab > KVNO Principal > ---- > -------------------------------------------------------------------------- > 2 host/appleton.lab-lpp.local at LAB-LPP.LOCAL (DES cbc mode with CRC-32) > 2 host/appleton.lab-lpp.local at LAB-LPP.LOCAL (DES cbc mode with RSA-MD5) > 2 host/appleton.lab-lpp.local at LAB-LPP.LOCAL (ArcFour with HMAC/md5) > 2 host/appleton at LAB-LPP.LOCAL (DES cbc mode with CRC-32) > 2 host/appleton at LAB-LPP.LOCAL (DES cbc mode with RSA-MD5) > 2 host/appleton at LAB-LPP.LOCAL (ArcFour with HMAC/md5) > 2 APPLETON$@LAB-LPP.LOCAL (DES cbc mode with CRC-32) > 2 APPLETON$@LAB-LPP.LOCAL (DES cbc mode with RSA-MD5) > 2 APPLETON$@LAB-LPP.LOCAL (ArcFour with HMAC/md5) You're still lightly mixing machines though, as your error before referred to 'bardeen' not appleton. I'm not certain that I've seen a complete picture here. I think disabling validate would still get you back to your old behaviour, but that there's something wrong with the keytabs on these machines. jh