Solution: Make sure that the host name is defined in DNS and that the host-name-to-address and address-to-host-name mappings are consistent.Cause: The ticket sent did not have the correct cross-realms.Solution: Make sure that the server you are communicating with is in the same realm as the client, or that the realm configurations are correct.
Cause: More default encryption types are included in the base release in the Solaris 10 8/07 release.Clients can request encryption types that may not be supported by a KDC running an older version of the Solaris software.The realms might not have the correct trust relationships set up.Solution: Make sure that the realms you are using have the correct trust relationships.This message might occur when tickets are being forwarded.
Solution: Make sure that the network addresses are correct.
You can modify the policy or principal by using Cause: The KDC reply did not contain the expected principal name, or other values in the response were incorrect.
Solution: Make sure that the KDC you are communicating with complies with RFC1510, that the request you are sending is a Kerberos V5 request, or that the KDC is available.
Destroy your tickets with Cause: Kerberos could not recognize the message type that was sent by the Kerberized application.
Solution: If you are using a Kerberized application that was developed by your site or a vendor, make sure that it is using Kerberos correctly.
Solution: Make sure that you are using with the correct options.