@end group
@end smallexample
-The @code{krb5.conf} file may contain any or all of the following seven
+Placing a `*' at the end of a line indicates that this is the
+@dfn{final} value for the tag. This means that neither the remainder
+of this configuration file nor any other configuration file will be
+checked for any other values for this tag.
+
+For example, if you have the following lines:
+
+@smallexample
+foo = bar*
+foo = baz
+@end smallexample
+
+then the second value of foo (baz) would never be read.
+
+The @code{krb5.conf} file can include other files using either of the
+following directives at the beginning of a line:
+
+@smallexample
+include @var{FILENAME}
+includedir @var{DIRNAME}
+@end smallexample
+
+@var{FILENAME} or @var{DIRNAME} should be an absolute path. The named
+file or directory must exist and be readable. Including a directory
+includes all files within the directory whose names consist solely of
+alphanumeric characters, dashes, or underscores. Included profile files
+are syntactically independent of their parents, so each included file
+must begin with a section header.
+
+The @code{krb5.conf} file may contain any or all of the following
sections:
@table @b
@itemx libdefaults
Contains default values used by the Kerberos V5 library.
+@itemx login
+Contains default values used by the Kerberos V5 login program.
+
@itemx appdefaults
-Contains default values used by Kerberos V5 applications.
+Contains default values that can be used by Kerberos V5 applications.
@itemx realms
Contains subsections keyed by Kerberos realm names. Each subsection
cross-realm authentication. It is also used by the end-service when
checking the transited field for trusted intermediate realms.
+@itemx plugins
+Contains tags to register dynamic plugin modules and to turn modules on
+and off.
+
+@ignore
+this doesn't seem to be used
@itemx kdc
For a KDC, may contain the location of the kdc.conf file.
-@end table
+@end ignore
+@end table