After configuring /etc/krb5.conf I tried to run kinit user@domain.gov and receive the following error kinit(v5): ASN.1 encoding ended unexpectedly while getting initial credentials.

I am trying to get a ticket from a Windows 2003 Active Directory domain controller. The account is valid and active and in active directory. I am being prompted for the account password, after the correct password is entered, I receive the above error.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = XYZ.ABC.VA.GOV
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
XYZ.ABC.VA.GOV = {
kdc = kdc1.xyz.abc.va.gov:88
admin_server = kdc1.xyz.abc.va.gov:749
default_domain = xyz.abc.va.gov
}

[domain_realm]
.xyz.abc.va.gov = XYZ.ABC.VA.GOV
xyz.abc.va.gov = XYZ.ABC.VA.GOV

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}


Thanks for any inputs.

If you fire up Ethereal (or some other network sniffer), and capture all the packets being exchanged between you and the DC, do you see any type of error? Ethereal, for example, has a dissector for Kerberos traffic, and it should be able to tell you if the packet transfer got interrupted or something. Or maybe the DC isn't responding the way the Kerberos spec says it has to?