Fixing “Wrong principal in request” in Kerberos 5
krb5_newrealm doesn’t seem to add enough lines to /etc/krb5.conf. To fix this, add the following lines to /etc/krb5.conf on all machines participating in the realm. My local realm is LAN, but substitute your own. The new lines will be in bold, the existing lines should already exist, if they don’t, add them.
[realms]
LAN = {
kdc = infinity.lan
admin_server = infinity.lan
default_domain = lan
}
[domain_realm]
.lan = LAN
lan = LAN
All hosts/servers participating in the realm that offer Kerberized services should have a FQDN that ends in your realm’s domain name (.lan in my case).