domain_realm, hostname to realm mapping, what programs/services is this necessary for?

[Christian, Mark]

I primarily use Kerberos with ssh gssapi-with-mic authentications, samba, and apache.  I don't believe I need to populate the [domain_realm] section with hostname/domainname mappings to realms, even though the domainname for the hosts differs from the Kerberos realm; these Kerberized services still work.  Or am I mistaken?  default_realm  is defined under [libdefaults], and dns_lookup_realm and dns_lookup_kdc are set to false.  The krb5.conf man page mentions that this mapping is necessary for some programs or services.  I'm wondering which services require this mapping?

Mark