On Aug 26, 2011, at 9:26, I wrote: > I think I solved the problem, but am out of the office today to fully test it. It involved setting the default realm and adding some encryption types to the /etc/krb5.conf file. What I still don't understand is what has changed in CentOS 6 that causes a kickstarted system not to be able to authenticate users whereas a CentOS 5 system can. I need to do a few more installs to track down the root cause, and then I'll post an update here. I needed the following lines in the [libdefaults] section of the /etc/krb5.conf to let users authenticate against our Windows AD backend: default_tkt_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1 permitted_enctypes = arcfour-hmac-md5 des-cbc-md5 des-cbc-crc des3-cbc-sha1 whereas in CentOS 5 I only needed the following: default_tkt_enctypes = des-cbc-md5 default_tgs_enctypes = des-cbc-md5 I think I only needed to add the first encryption type to get it to work, but I left them all in for now. I hope this helps someone else in the future if they run into something similar. Alfred