KERBEROS KdcNames realm kerberos multidomain multikdc
### Trust-Relationship-on-Windows-Server
https://zscaler.zendesk.com/hc/en-us/articles/204843759-Kerberos-Configuration-Example-Trust-Relationship-on-Windows-Server-2012-and-GPO-Push
`HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\KdcNames = kdc.otherrealm.com`
### Define host name-to-Kerberos realm mappings
https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.Kerberos::HostToRealm
Registry Hive HKEY_LOCAL_MACHINE
Registry Path Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos
Value Name domain_realm_Enabled
Value Type REG_DWORD
Enabled Value 1
Disabled Value 0
Registry Hive HKEY_LOCAL_MACHINE
Registry Path Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\domain_realm
Value Name {number}
Value Type REG_SZ
Default Value
Syntax:
Enter the Kerberos realm name as the Value Name.
Enter the host names and DNS suffixes, that you want to
map to the Kerberos realm, as the Value. To add multiple
names, separate entries with ";".
Note: To specify a DNS suffix prepend the entry with a '.' period.
For a host name entry do not specify a leading '.' period.
### Example:
Value Name: MICROSOFT.COM
Value: .microsoft.com; .ms.com; computer1.fabrikam.com;
In the example above. All principals with either the DNS suffix
of *.microsoft.com or *.ms.com will be mapped to the
MICROSOFT.COM Kerberos realm. In addition the host name
computer1.fabrikam.com will also be mapped to the
MICROSOFT.COM Kerberos realm.