Kerberos Ticket expired on login

I have a fresh install of Lion that did have Kerberos functioning properly but I've noticed recently a lot of clients are regularly unable to connect to iChat when they log in, with an error message that says the server doesn't support Kerberos, while other clients connect to iChat with no problems

I have looked in Core Services > Ticket Viewer and can see that on the clients with the connection problem there is a ticket with the user name but the incorrect realm @WELLKNOWN:COM.APPLE.LKDC and it has expired in 1970!!

If I delete this ticket and add a new one the correct realm is shown and iChat connects properly, but on next log in the incorrect ticket will be back!

Posted on Aug 1, 2012 3:50 AM

Sep 25, 2012 9:27 PM in response to Kevin Neal

I have this problem as well, exactly as shown in the screenshot from tcpudp.🙂

None of the ideas posted here have worked for me, deleting the WELLKNOWN ticket with kdestroy, Ticket Viewer.app, or kswitch -p $(whoami) have any affect either. I've tried serveal different clients, bound them to the OD in directory utility, but nothing works. Something in the server is messed up.

It may be related to this bug: https://discussions.apple.com/thread/4198186 ?

But, my server is setup as OD Master, running it's own DNS which users connect through, not using mDNS/Bonjour, and the Kerberos single-sign-ons aren't working for ssh either, so it is probably a totally different bug.

Let's all report this to apple, they supposedly prioritize bug fixes by report frequency...