So I’ve been getting the above error when attempting to use kadmin.local on my OD Master for a while, through 10.3.x and 10.4.x OS X Server.
I had been doing something rather clunky to get around it, which was to destroy any existing Kerberos tickets before ssh’ing into the OD Master, which works fine, but is kind of annoying.
Turns out there is a much easier solution.
Simply generate a ticket for a KDC admin account, and use that for the credentials cache.
localodadmin@odmaster: ~ $ kinit opendirectoryadmin
Please enter the password for opendirectoryadmin@MY.KERB.DOMAIN:
localodadmin@odmaster: ~ $ sudo kadmin.local -c opendirectoryadmin
Authenticating as principal root/admin@MY.KERB.DOMAIN with existing credentials.
kadmin.local:
Much easier…