We are happy that you managed to get things fixed.
Based on the information, perhaps you are using an OS that was not compatible/validated with 5.4, but since has been incorporated to 5.4.1; since you were able to use Kerberos succesfully, but weren't able to enumerate the user's identity, all points to an issue with the Name Service Switch environment.
All is good.
*****Moderation notice (all posters): Always include the operating version; this way we can do a better assessment. Linux-like systems have variations; AIX, HP-UX and Solaris are all different, and let's not even get started with OS X.
For example, this could have been an OS X user trying an early version of High-Sierra or any of these OSs:
- Amazon Linux AMI - latest version (x86_64)
- CentOS 6.9 (x86_64)
- Oracle Linux 6.9 (x86_64)
- RHEL 6.9 (x86_64)
- Ubuntu 17.04 (x86_64)
Which support was included in 5.4.1
R.P