Utterly killing Kerberos on your Open Directory Master.
Recently, I got an email from one of the mailing lists I’m on asking if anybody knew how to stop an Open Directory’s Kerberos server and keep it stopped. It’s not generally a good idea to kill your Kerberos service on your OD Master, but if you have a circumstance where you need it, here’s a way to kill it and keep it dead.
After creating your OD Master and verifying that everything is running the way it should be, open Terminal and enter the following command:
sudo sso_util remove -k -a <admin username> -p <password>
When this process is done running, all keytabs and the kadmin process on your OD Master will be killed. To be thorough, you may want to run the other following commands:
sudo rm /etc/krb5.keytab
sudo rm /Library/Preferences/edu.mit.Kerberos
What I’ve described above will kill Kerberos and stop it running. Unfortunately, what I don’t know is how to restart it after it’s been killed (short of an erase and fresh install) so don’t do this unless you need it. As always, also please test this carefully before doing it on your production box.