My ODM doesn’t seem to have generated the correct principals to work on my replicas. I have, for the sake of this post, 1 replica mail.server.com and my ODM is server.domain.com. If I request on the master or replica:
kadmin.local -q listprincs
I get (as a selection):
[email protected]
pop/[email protected]
[email protected]
[email protected]
Should it be:
[email protected]
pop/[email protected]
pop/[email protected]
[email protected]
[email protected]
If so, can I resolve this by manually adding the principal to the master using:
kadmin: addprinc -randkey pop/[email protected]
And then:
> ktadd pop/[email protected]
to update the keytab?
Kerberos is running on my replicas and I can authenticate as a user on the server via kinit “user”. I can then use this ticket to ssh into the master. I can also set up Mail.app directly on the replica and use Kerberos as the method of authentication; however, this doesn’t work from a regular client, when Kerberos authentication works fine on master for AFP.
Thanks for your help.
Huw