Kadmin error: "kadmin: GSS-API (or Kerberos) error while initializing kadmin interface"

[Edgecombe, Jason]

Hi There,

I'm setting up a test kerberos/afs realm and I'm having a problem with
kadmin. kadmin and kadmin.local run fine from the kdc, but kadmin gives
the folloowing error when run from another machine:
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface

The krbadm log shows no output, but kadmin.log  on the kdc shows the
following:
Oct 11 23:15:02 kdc1 kadmind[3821](Notice): Request: kadm5_init,
coeadmin/admin at MYREALM.COM, success, client=coeadmin/admin at MYREALM.COM,
service=kadmin/admin at MYREALM.COM, addr=x.x.x.191, flavor=300001

I can kinit and everything else from the client, I just can't run
kadmin.

both client and server are RHEL4 with MIT krb5-1.5.1. compiled from
source. I get the same error using RedHat's kadmin and the
source-compiled one.
kdc1 is the server and as1 is the client

# on kdc
kadmin:  listprincs
K/M at MYREALM.COM
coeadmin/admin at MYREALM.COM
host/as1.myrealm.com at MYREALM.COM
host/kdc1.myrealm.com at MYREALM.COM
kadmin/admin at MYREALM.COM
kadmin/kdc1.myrealm.com at MYREALM.COM
kadmin/changepw at MYREALM.COM
kadmin/history at MYREALM.COM
krbtgt/MYREALM.COM at MYREALM.COM

I had fixed a previous error about not having kadmin/kdc.myrealm.com in
the DB by adding the service principal. Now I have no errors in any of
the logs, just an error on the console when I run kadmin

What am I missing?

Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514