Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Subject: mismatch between client keytab default principal for kinit and
 GSS-API
X-RT-Original-Encoding: iso-8859-1
Content-Length: 543

When client keytabs are used to automatically obtain initiator credentials for the GSS-API, we use 
the heuristic of picking the first krb5 principal in the keytab as the GSS identity to use for the 
initiator.  However, 'kinit -k -i', though it uses the client keytab, defaults to attempting to get 
credentials for host/[hostname].  This latter functionality is of questionable utility, and the 
inconsistency between the two scenarios has potential for confusion.  We should probably switch 
the kinit behavior to match the gssapi behavior.