From d3232e27b99b0f4d9ca9c508cc9aad1d44188d2f Mon Sep 17 00:00:00 2001
From: Giorgos Keramidas <keramida@FreeBSD.org>
Date: Tue, 26 Oct 2004 23:14:40 +0000
Subject: [PATCH] Add admin_server to the krb5.conf sample and a note about
 configuring krb5.conf either maximally (when DNS is not available) or
 minimally (in the presence of a proper DNS setup).

Submitted by:	Tillman Hodgson (tillman at seekingfire dot com)
---
 en_US.ISO8859-1/books/handbook/security/chapter.sgml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index f41de102f3..aacefe2df1 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -2342,6 +2342,7 @@ kerberos_stash="YES"</programlisting>
 [realms]
     EXAMPLE.ORG = {
         kdc = kerberos.example.org
+        admin_server = kerberos.example.org
     }
 [domain_realm]
     .example.org = EXAMPLE.ORG</programlisting>
@@ -2370,6 +2371,15 @@ _kpasswd._udp       IN  SRV     01 00 464 kerberos.example.org.
 _kerberos-adm._tcp  IN  SRV     01 00 749 kerberos.example.org.
 _kerberos           IN  TXT     EXAMPLE.ORG.</programlisting></note>
 
+      <note>
+        <para>For clients to be able to find the
+          <application>Kerberos</application> services, you
+          <emphasis>must</emphasis> have either a fully configured
+          <filename>/etc/krb5.conf</filename> or a miminally configured
+          <filename>/etc/krb5.conf</filename> <emphasis>and</emphasis> a
+          properly configured DNS server.</para>
+      </note>
+
       <para>Next we will create the <application>Kerberos</application>
 	database.  This database contains the keys of all principals encrypted
 	with a master password.  You are not