You must create a service principal for eDirectory in the same Kerberos realm as the users that use the Kerberos Login Method for NMAS in order to log in to both eDirectory and KDC (to access the eDirectory services and the Kerberized services). This can be done with the help of your Kerberos administrator.
Use the Kerberos Administration tool that is available with your KDC to create the eDirectory Service principal with the encryption type and salt type as DES-CBC-CRC and Normal respectively.
The name of the principal must be novledir/TREENAME@REALMNAME.
NOTE: The TREENAME in novledir/TREENAME@REALMNAME must be in uppercase.
For example, if you are using MIT KDC, execute the following command:
kadmin:addprinc -e des-cbc-crc:normal novledir/MYTREE@MYREALM
For example, if you are using Heimdal KDC, execute the following command:
kadmin -lkadmin> add --random-key novledir/MYTREE@MYREALM
To delete the unsupported encryption types for the service principal, execute the following command:
kadmin> del_enctype novledir/MYTREE@MYREALM des-cbc-md4kadmin> del_enctype novledir/MYTREE@MYREALM des-cbc-md5kadmin> del_enctype novledir/MYTREE@MYREALM des3-cbc-sha1
where MYTREE is the treename and MYREALM is the Kerberos realm.