Description of problem: When following '8.10 Implementing PAM Authentication' from the Satellite 5.4 installation guide the following example is given to show authentication against Kerberos: ========== As an example, for a Red Hat Enterprise Linux 5 i386 system, to authenticate against Kerberos one could put the following in /etc/pam.d/rhn-satellite: #%PAM-1.0 auth required pam_env.so auth sufficient pam_krb5.so no_user_check auth required pam_deny.so account required pam_krb5.so no_user_check ========== However the above entries do not allow authentication against Kerberos to function. Authentication fails with a check against the 'EXAMPLE.COM' realm instead of what is specified within /etc/krb5.conf. If you specify the 'realm' on the 'auth' and 'account' lines though, authentication is successful through the correct realm. Version-Release number of selected component (if applicable): 5.4.1 How reproducible: Follow the installation guide Actual results: When looking at /var/log/secure after an attempt to log in to the Satellite Web UI: Oct 17 09:33:35 hostname IBM Java[4935]: pam_krb5[4935]: authentication fails for 'username' (username): Authentication service cannot retrieve authentication info (Cannot resolve network address for KDC in requested realm) Expected results: After specifying 'realm', within /var/log/secure: Oct 18 16:33:47 hostname IBM Java[19225]: pam_krb5[19225]: TGT verified Oct 18 16:33:47 hostname IBM Java[19225]: pam_krb5[19225]: authentication succeeds for 'username' (username@:YOUR.DOMAIN.COM)