I am trying to set up kerberos auth for a 6.0.4 FOSS install with these instructions. At first I was trying to point to our main University KDC, but kept seeing errors that ended with "Cannot get kdc for realm myrealm.edu". The principal mapping is setup and according to the same log message is passing the correct principal on, but zimbra can't seem to get to the KDC. I am able to kinit and get a ticket.
The krb5.conf file that is provided to us relies entirely on DNS lookups, so assuming there may be some hokey DNS SRV records causing me issue here, I tried different DNS servers in the resolv.conf, and fiddled with the zimbraAuthKerberos5Realm setting, but no change in behavior.
We have a krb5 server in our department and we do not use DNS SRV records, so I swapped out my krb5.conf, and changed the zimbraAuthKerberos5Realm to our local realm. Again, I can get a ticket with kinit, but I get the same error about "Cannot get kdc for realm".
I have tried putting my krb5.conf and krb5.keytab files in /etc and in /opt/zimbra/conf, but it doesn't seem to help.
So I have two questions: How is the initial contact with the KDC initiated that I would be seeing an error that has more to do with connectivity than the auth mechanism? How do I display the current values for an attribute? For example, if I run zmprov md myserver zimbraAuthKerberos5Realm MYREALM, how do I verify what the zimbraAuthKerberos5Realm is set to?