Error message: kinit: Unable to acquire credentials for 'user@FNAL.GOV': Cannot contact any KDC for realm 'FNAL.GOV'
This comes when you are behind a NAT
https://computing.fnal.gov/wilsoncluster/kerberos-ssh-troubleshooting/ suggests
Make certain your krb5.conf is up to date: https://authentication.fnal.gov/krb5conf/
Error message: kinit: Unable to acquire credentials for 'user@FNAL.GOV': Cannot contact any KDC for realm 'FNAL.GOV'
Problem: You are behind a firewall or are using an internet connection which has a “NAT” (Network Address Translation), such as on a home wireless router.
Solutions:
Step 1: Check your connectivity, as shown below, to one of the Fermilab Kerberos authentication servers (such as krb-fnal-1.fnal.gov) to make sure you can reach the server at the other end. If successful, move to step 2. If this fails, please open a ticket via our User Support page.
[@mylaptop ~]$ telnet krb-fnal-1.fnal.gov 88
Trying 131.225.110.105...
Connected to krb-fnal-1.fnal.gov.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
OR, in case of some macOS versions that are missing the telnet utility, use the nc utility as follows:
[@mylaptop ~]$ nc -vz krb-fnal-1.fnal.gov 88
Connection to krb-fnal-1.fnal.gov port 88 [tcp/kerberos] succeeded
Step 2: Request an address-less Kerberos ticket as follows:
kinit -A username@FNAL.GOV
If you do
klist -a
you should see as the last line
Addresses: (none)
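
The two steps above as a script (an added example, not part of the quoted Fermilab instructions): it probes the KDC on TCP port 88 and then checks the Addresses: line of every ticket in klist -a output, since an address-less ticket is not bound to the client's IP. The function names, exit codes and sample klist output are assumptions made for this example, and the parser expects the MIT klist layout.

```sh
#!/bin/sh
# Added example, not from the Fermilab page. Assumes nc and MIT-style klist.

# Step 1: TCP probe of the KDC, the same test as `nc -vz host 88` with a timeout.
# $1 = KDC host, $2 = port (default 88), $3 = timeout in seconds (default 5)
kdc_reachable() {
    nc -z -w "${3:-5}" "$1" "${2:-88}" >/dev/null 2>&1
}

# Reads `klist -a` output on stdin and checks the Addresses: line of each ticket.
# Exit 0: every ticket is address-less; 1: at least one address-bound ticket
# (each one is printed); 2: no Addresses: line (no tickets, or klist without -a).
addressless_check() {
    awk '
    /^[ \t]*Addresses:/ {
        seen++
        sub(/^[ \t]*Addresses:[ \t]*/, "")
        sub(/[ \t]+$/, "")
        if ($0 != "(none)") { bound++; printf "address-bound: %s -> %s\n", svc, $0 }
        next
    }
    # Ticket row: start time, expiry time, then the service principal.
    NF >= 5 && $NF ~ /@/ { svc = $NF }
    END {
        if (seen == 0) exit 2
        exit (bound > 0)
    }'
}

# Hypothetical driver tying both steps together (exit 3 = KDC unreachable).
check_nat_kerberos() {
    kdc=${1:-krb-fnal-1.fnal.gov}
    if ! kdc_reachable "$kdc"; then
        echo "step 1 failed: cannot open a TCP connection to $kdc port 88"
        return 3
    fi
    klist -a | addressless_check
}

# Constructed samples of `klist -a` output (not captured from a real session).
SAMPLE_ADDRESSLESS='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@FNAL.GOV

Valid starting       Expires              Service principal
01/01/2024 10:00:00  01/02/2024 12:00:00  krbtgt/FNAL.GOV@FNAL.GOV
        Addresses: (none)'
SAMPLE_BOUND=$(printf '%s\n' "$SAMPLE_ADDRESSLESS" | sed 's/(none)/192.168.1.23/')
SAMPLE_NO_A=$(printf '%s\n' "$SAMPLE_ADDRESSLESS" | sed '/Addresses:/d')
```

Source the file and run check_nat_kerberos after obtaining a ticket; a non-zero exit tells you which step of the procedure to revisit.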