Kerberos on Mac

[Greg Hudson]

On 05/12/2017 11:28 AM, Matt Darwin wrote:
> I’ve written a detailed description of the problem on stack overflow : http://stackoverflow.com/questions/43685086/

I read this, and I don't see in there the server principal name in the
TGS request on macOS and on Linux.  You might be able to obtain that
with wireshark or similar if you can't get it out of the JVM.  That
information, together with knowledge of your DNS configuration, might
provide a hint as to what's going on.

Note that the JVM has its own Kerberos implementation, which is separate
from MIT krb5, Heimdal, or the macOS fork of Heimdal.  (I believe it's
possible to use a shim to force it to call out to the C library, but
from the stack trace it doesn't appear that you're doing that.)  So the
output you're getting from krb5-config --version is irrelevant, as is
using brew to install a newer C library.