You are here


KDC reply did not match expectations while getting initial credentials

Occasionally one gets reminded of something old.

[root@NAS04256 ~]# kinit
Password for adam@Example.Com: 
kinit: KDC reply did not match expectations while getting initial credentials


[root@NAS04256 ~]# kinit adam@EXAMPLE.COM
Password for adam@EXAMPLE.COM:
[root@NAS04256 ~]# 

In some cases the case of the realm name matters.

Renaming the Volume Group Containing /

Almost every server I work with is a virtual machine; accordingly I like to do one small install with all the packages that I always want [like pam-nss-ldapd, snmp-utils, dstat, etc...] but don't install by default. Then I make sure VMware tools is installed and operational. From that point forward I can just clone that one VM and add to it when I want a new instance of something.

XFS, inodes, & imaxpct

Attempting to create a file on a large XFS filesystem - and it fails with an exception indicating insufficient space! There is available blocks - df says so. HUh? While, unlike traditional UNIX filesystems, XFS doesn't suffer from the boring old issue of "inode exhaustion" it does have inode limits - based on a percentage of the filesystem size.

Which Application?

Which application manages this type of file? How can I, by default, open files of type X with application Y? These questions float around in GNOME forums and mailing lists on a regular basis.

The answer is: gvfs-mime .

yum-config-manager --setopt=

It is common knowledge that on CentOS/RHEL hosts you can enable and disable defined reposities with the yum-config-manager. However it is also possible to use yum-config-manager tool to set any repository parameter using the setopt parameter.


dd is an underrated tool. What it lacks in user interface it makes up for with its swiss-army-knife number of purposes; from testing, to secure wiping, to backup and restore. But that user interface... it is bleak.

LINUX CA Certificate Deployment

Creating an in house signing [aka CA] certificate is a common practice; this allows you to generate free cerficates for internal use. For Windows hosts distributing this CA certificate to all the clients and relevant servers can be accomplished using Active Directory GPOs. Certificate management on LINUX hosts on the other hand has always been a swamp of tedium where the certificates often need to be configured into each client or service. Recent distributions have eased this process considerably by including a quasi-standardized set of scripts and certificate store locations.

Overrides With SSSD

LINUX has long been plagued with a rather lousy identity management scheme. Beyond the limitations of POSIX's getent and related calls [which can be very inefficient] the attempts to stub in network-aware identity services such as LDAP have only piled onto the rough edges. NSCD attempted to work around performance problems via caching - and did not do very well. Then was NSLCD the next evolution of NSCD which was better, but still inflexible. Identity management in more complex networks is a tedious business and what administrators need more than anything else is flexibility.

Uncoloring ls

By default on every recent shell the output of ls is colorized. This is a great feature - but it makes using terminals that use a non-standard [not(background==black)] color-scheme awkward.  Things just disappear;  try reading directory name displayed in yellow on a yellow background.  It is difficult.
How this colorization gets setup in openSUSE is that that the ls command is aliased to "ls --color=auto".  You can see this aliasing using the alias command.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer