I have a NetBSD 1.5.2 server acting as a master to a bunch of Solaris
8/SEAM clients. So far it works well, except the users aren't able to
change their passwords using Solaris' kpasswd utility.

On the Solaris side, running kpasswd returns:

$ kpasswd
kpasswd: Changing password for <user>@<REALM>
Old password:
kpasswd: Cannot establish a session with the Kerberos administrative
server fornrealm <REALM>. Client/server realm mismatch in
initial ticket request.

Checking the NetBSD master logs, I see:

2002-01-28T11:54:30 UNKNOWN --
changepw/<master.domain.com>@<REALM>: No such entry in the database

So I cloned the kadmin/changepw principal on the KDC and created a
changepw/<master.domain.com> with the same attributes.

Now running kpasswd under Solaris gives me:

kpasswd: Cannot establish a session with the Kerberos administrative server
fornrealm <REALM>. Program lacks support for encryption type.

and the KDC logs show:

2002-01-28T14:38:05 No PA-ENC-TIMESTAMP -- <user>@<REALM>

Does anybody have this working? Any clue what I may be doing wrong?

Thanks for your help,
-- 
Michael Santos
mike@ethmoid.org