kinit: Preauthentication failed while getting initial credentials

Tom Yu tlyu at mit.edu
Thu Oct 27 12:53:05 EDT 2016


Thomas Beaudry <thomas.beaudry at concordia.ca> writes:

> So I got it to work by switching the encryption type.  In case anyone is wondering, I used:  addent -password -p ${user} -k 1 -e rc4-hmac

It's possible that the problem is related to password salting.  (The RC4
enctype has no salt, but the AES ones do.)  We've observed that the salt
for an Active Directory principal is related to the account name rather
than the principal name, e.g., HOSTNAME$ for a computer account.  (An AD
account can have multiple Kerberos principal names.)  Without the
correct salt, the client can't produce the correct password-derived key.

-Tom
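
The salt dependence described in the reply above, as an added example that is not part of the original message: it runs only the PBKDF2-HMAC-SHA1 stage of the RFC 3962 AES string-to-key (the final key-derivation step is omitted) and checks which candidate salt reproduces the value a KDC would hold. The realm, principal, account name, password, and the account-name salt string are constructed sample values; the real salt is whatever the KDC sends in its preauthentication hint.

```python
import hashlib
import hmac

def default_salt(realm: str, principal: str) -> bytes:
    """RFC 4120 default salt: the realm followed by the principal's
    name components, concatenated with no separators."""
    return (realm + "".join(principal.split("/"))).encode("utf-8")

def pbkdf2_stage(password: str, salt: bytes, keylen: int = 32,
                 iterations: int = 4096) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 AES string-to-key.
    4096 is that RFC's default iteration count; keylen=32 is AES-256."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt, iterations, keylen)

def matching_salts(password: str, candidates: dict, kdc_stage_key: bytes) -> list:
    """Return the labels of the candidate salts that reproduce the KDC's value."""
    return [label for label, salt in candidates.items()
            if hmac.compare_digest(pbkdf2_stage(password, salt), kdc_stage_key)]

# Constructed sample values (assumptions, not taken from the thread).
REALM = "EXAMPLE.COM"
PRINCIPAL = "host/web01.example.com"
PASSWORD = "constructed-sample-password"
CANDIDATES = {
    # What a client assumes when it is given no salt: principal-name based.
    "principal-name salt": default_salt(REALM, PRINCIPAL),
    # Stand-in for a salt tied to the account name (WEB01$) instead.
    "account-name salt": (REALM + "WEB01$").encode("utf-8"),
}
# Simulate a KDC whose stored key was derived with the account-name salt.
KDC_STAGE_KEY = pbkdf2_stage(PASSWORD, CANDIDATES["account-name salt"])

if __name__ == "__main__":
    for label, salt in CANDIDATES.items():
        digest = pbkdf2_stage(PASSWORD, salt).hex()
        print(f"{label:20} {salt.decode():34} {digest[:16]}...")
    print("reproduces KDC value:",
          matching_salts(PASSWORD, CANDIDATES, KDC_STAGE_KEY))
```

The same password yields unrelated key material under the two salts, which is why a keytab entry built with the wrong salt fails preauthentication for the AES enctypes.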

