-------------------------------------------------
--- /etc/krb5.conf-deb	2009-03-04 14:48:37.000000000 +0100
+++ /etc/krb5.conf	2009-03-04 14:51:23.000000000 +0100
@@ -1,5 +1,5 @@
 [libdefaults]
-	default_realm = ATHENA.MIT.EDU
+	default_realm = CERN.CH
 
 # The following krb5.conf variables are only for MIT Kerberos.
 	krb4_config = /etc/krb.conf
@@ -9,6 +9,10 @@
 	forwardable = true
 	proxiable = true
 
+# ticket_lifetime = 25h
+# renew_lifetime = 120h
+
+
 # The following encryption type specification will be used by MIT Kerberos
 # if uncommented.  In general, the defaults in the MIT Kerberos code are
 # correct and overriding these specifications only serves to disable new
@@ -112,6 +116,33 @@
 		admin_server = krb5-admin.stanford.edu
 		default_domain = stanford.edu
 	}
+ CERN.CH = {
+  default_domain = cern.ch
+  kpasswd_server = afskrb5m.cern.ch
+  admin_server = afskrb5m.cern.ch
+  kdc = afsdb2.cern.ch
+  kdc = afsdb3.cern.ch
+  kdc = afsdb1.cern.ch
+
+  v4_name_convert = {
+     host = {
+         rcmd = host
+     }
+  }
+ }
+; the external institutes info is completely static for now and comes
+; straight from the NCM template
+ FNAL.GOV = {
+  default_domain = fnal.gov
+  admin_server = krb-fnal-admin.fnal.gov
+  kdc = krb-fnal-1.fnal.gov:88 
+  kdc = krb-fnal-2.fnal.gov:88 
+  kdc = krb-fnal-3.fnal.gov:88 
+ }
+ KFKI.HU = {
+  kdc = kerberos.kfki.hu
+  admin_server = kerberos.kfki.hu
+ }
 
 [domain_realm]
 	.mit.edu = ATHENA.MIT.EDU
@@ -124,6 +155,9 @@
 	whoi.edu = ATHENA.MIT.EDU
 	.stanford.edu = stanford.edu
 	.slac.stanford.edu = SLAC.STANFORD.EDU
+ .cern.ch = CERN.CH
+ .fnal.gov = FNAL.GOV
+ .kfki.hu = KFKI.HU
 
 [login]
 	krb4_convert = true