This is needed when imaged macs are to be bound to AD, as there KDC ID’s will all be the same !
1) In the Utilities folder, open Keychain Access. In the System keychain, find and delete the three com.apple.kerberos.kdc entries – a certificate and a public/private key pair generated from that certificate.
2) In Terminal, run
sudo rm -fr /var/db/krb5kdc
this will destroy the local KDC database.
3) In Terminal, run
sudo /usr/libexec/configureLocalKDC
this will regenerate the local KDC database, including a new certificate and SHA1 hash.