Description of problem:
When following '8.10 Implementing PAM Authentication' from the Satellite 5.4 installation guide the following example is given to show authentication against Kerberos:

==========
As an example, for a Red Hat Enterprise Linux 5 i386 system, to authenticate against Kerberos one could put the following in /etc/pam.d/rhn-satellite:

#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_krb5.so no_user_check
auth        required      pam_deny.so
account     required      pam_krb5.so no_user_check
==========

However the above entries do not allow authentication against Kerberos to function. Authentication fails with a check against the 'EXAMPLE.COM' realm instead of what is specified within /etc/krb5.conf.

If you specify the 'realm' on the 'auth' and 'account' lines though, authentication is successful through the correct realm.

Version-Release number of selected component (if applicable):
5.4.1

How reproducible:
Follow the installation guide

Actual results:
When looking at /var/log/secure after an attempt to log in to the Satellite Web UI:

Oct 17 09:33:35 hostname IBM Java[4935]: pam_krb5[4935]: authentication fails for 'username' (username@EXAMPLE.COM): Authentication service cannot retrieve authentication info (Cannot resolve network address for KDC in requested realm)


Expected results:
After specifying 'realm', within /var/log/secure:

Oct 18 16:33:47 hostname IBM Java[19225]: pam_krb5[19225]: TGT verified
Oct 18 16:33:47 hostname IBM Java[19225]: pam_krb5[19225]: authentication succeeds for 'username' (username@:YOUR.DOMAIN.COM)