Steps to setup Kerberos can be found in Daylite’s activity set for projects and clients.

As we know with just about everything DNS is critical so make sure it’s 100% before moving forward. It will save you countless time troubleshooting later.


First check your principles then test using Ticket Viewer in CoreServices check your DNS again and finally clean up the client:


1. Delete the certificate via Terminal:

security delete-certificate -c "" /Library/Keychains/System.keychain


2. Delete the local Kerberos configuration via Terminal:

dscl . -delete /Config/KerberosKDC


3. Kill the file that tells system not to setup a new local KDC:

rm /var/db/ .configureLocalKDC


4. Delete the remnants of the previous local KDC:

rm -R /var/db/krb5kdc


5. Create a new local KDC:


Related Articles:

Mac OS X Server – LDAP Stopped / PANIC: fatal region error detected

Mac OS X Server – Kerberos is stopped