Greetings all: 


>> Please feel free to make the assumption that I have false
>> understandings.  If "KERBEROS.REALM" is stated, but from syntax it
>> should be "coda.realm", please correct me.
> 
> Yes, it should be "codaaccount_at_coda.realm", not otherwise.

Ok, I tried changing the clog to: 

[root_at_sandbox3 ~]# clog \
  -method kerberos5 coda_admin_user_at_coda.realm \
  -tokenserver sandbox2.host.domain 370 \
  -krealm KERBEROS.REALM \
  -kdc sandbox2.host.domain \
  -servprinc coda/coda.realm 

Basically, the method user_at_realm was changed to the coda realm from the 
kerberos realm.  Also, the servprinc was changed to the coda.realm from 
sandbox2.host.domain. 

Does this appear sane? 


Key points in this email: 

*) The only keytab used by coda inherently is on coda server hosts:
/vice/db/krb5.keytab 

*) The keytab need only maintain the service principle for:
codaauth/coda.realm_at_KERBEROS.REALM 


The discourse on host/ vs coda/ vs codaauth/ ended with a misunderstanding.  
This subject is not important, please disregard. 

The discourse on coda/kerberos auth related definitions and "kerberos 
basics" also ended in misunderstanding.  It may also be disregarded. 

Regards,
 -Don
{void}