Can't authenticate with Kerberised services.

Hi,


When I log in to Lion (client 10.7.3) I don't get any tickets. When I run kinit and enter my password I get a ticket. I then try and connect to my Mac Mini (running Lion Server 10.7.3) via the Finder but it fails to connect without me having to manually enter the password for my account. I'm not able to authenticate to services like Mail using Kerberos either.


There are a few lines in the Kerberos log file that state the following (some items renamed):


2012-02-29T21:27:28 TGS-REQ foo@SERVER.EXAMPLE.CO.UK from 192.168.2.3:63650 for afpserver/server-example-co-uk.local@SERVER.EXAMPLE.CO.UK [canonicalize]

2012-02-29T21:27:29 Searching referral for server-example-co-uk.local

2012-02-29T21:27:29 Server not found in database: krbtgt/LOCAL@SERVER.EXAMPLE.CO.UK: no such entry found in hdb

2012-02-29T21:27:29 Failed building TGS-REP to 192.168.2.3:63650


I've noticed that I have no /etc/krb5.conf config file, but this might be normal - I'm guessing Apple might have moved some configuration somewhere else. I tried setting up my DNS with the Kerberos service records. changeip -checkhostname all looks good.


The only odd thing I can see is that it looks like it's trying to look for "afpserver/server-example-co-uk.local@SERVER.EXAMPLE.CO.UK" which indeed does not exist in the keytab file. However, "afpserver/server.example.co.uk@SERVER.EXAMPLE.CO.UK" does exist.


Could this be the problem? Where is the .local suffix coming from? And why are the periods being replaced with hyphens in the hostname?


Any other ideas or suggestions?


Thanks in advance!

Posted on Feb 29, 2012 2:33 PM
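
One way to check the quoted log lines mechanically, as an added example that is not part of the original post: the script pairs each TGS-REQ with its failed TGS-REP by client address and compares the requested service principal with the keytab entries. The log text and keytab list are constructed from the values quoted in the post; `diagnose` and `split_spn` are hypothetical names.

```python
import re

# Constructed sample: the four KDC log lines quoted in the post.
KDC_LOG = """\
2012-02-29T21:27:28 TGS-REQ foo@SERVER.EXAMPLE.CO.UK from 192.168.2.3:63650 for afpserver/server-example-co-uk.local@SERVER.EXAMPLE.CO.UK [canonicalize]
2012-02-29T21:27:29 Searching referral for server-example-co-uk.local
2012-02-29T21:27:29 Server not found in database: krbtgt/LOCAL@SERVER.EXAMPLE.CO.UK: no such entry found in hdb
2012-02-29T21:27:29 Failed building TGS-REP to 192.168.2.3:63650
"""
# Constructed keytab listing: the one principal the post says is present.
KEYTAB = ["afpserver/server.example.co.uk@SERVER.EXAMPLE.CO.UK"]

TGS_REQ = re.compile(r"^(\S+) TGS-REQ (\S+) from (\S+) for ([^/\s]+)/([^@\s]+)@(\S+)")
NOT_FOUND = re.compile(r"Server not found in database: (\S+?):")
FAILED = re.compile(r"^\S+ Failed building TGS-REP to (\S+)")

def split_spn(principal):
    """Split service/host@REALM into (service, lowercased host, realm)."""
    svc_host, realm = principal.rsplit("@", 1)
    service, host = svc_host.split("/", 1)
    return service, host.lower(), realm

def diagnose(log_text, keytab):
    """Return one finding per TGS-REQ that ended in a failed TGS-REP."""
    known = [split_spn(p) for p in keytab]
    pending, missing, findings = {}, None, []
    for line in log_text.splitlines():
        if m := TGS_REQ.match(line):
            ts, client, src, service, host, realm = m.groups()
            pending[src] = {"time": ts, "client": client, "service": service,
                            "host": host.lower(), "realm": realm}
        elif m := NOT_FOUND.search(line):
            missing = m.group(1)  # most recent failed database lookup
        elif (m := FAILED.match(line)) and m.group(1) in pending:
            req = pending.pop(m.group(1))  # correlate on client ip:port
            wanted = (req["service"], req["host"], req["realm"])
            req.update(
                missing_entry=missing,
                exact_match=wanted in known,
                mdns_name=req["host"].endswith(".local"),
                # Same service and realm in the keytab, but a different host.
                same_service_principals=[f"{s}/{h}@{r}" for s, h, r in known
                                         if (s, r) == (wanted[0], wanted[2]) and h != wanted[1]])
            findings.append(req)
            missing = None
    return findings
```

A finding with `exact_match` false, `mdns_name` true and a non-empty `same_service_principals` list means the client requested a ticket for a `.local` host name while the keytab holds the same service under a different host name.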
