AFP548

Adding replica principals

My ODM doesn't seem to have generated the correct principals to work on my replicas. I have, for the sake of this post, 1 replica mail.server.com and my ODM is server.domain.com.

If I request on the master or replica:

    kadmin.local -q listprincs

I get (as a selection):

    placement2@SERVER.DOMAIN.COM
    pop/server.domain.com@SERVER.DOMAIN.COM
    rebecca@SERVER.DOMAIN.COM
    rob@SERVER.DOMAIN.COM

Should it be:

    placement2@SERVER.DOMAIN.COM
    pop/server.domain.com@SERVER.DOMAIN.COM
    pop/mail.domain.com@SERVER.DOMAIN.COM
    rebecca@SERVER.DOMAIN.COM
    rob@SERVER.DOMAIN.COM

If so, can I resolve this by manually adding the principal to the master using:

    kadmin: addprinc -randkey pop/mail.domain.com@SERVER.DOMAIN.COM

And then:

    > ktadd pop/mail.domain.com@SERVER.DOMAIN.COM

to update the keytab?

Kerberos is running on my replicas and I can authenticate as a user on the server via kinit "user". I can then use this ticket to ssh into the master. I can also set up Mail.app directly on the replica and use Kerberos as the method of authentication; however, this doesn't work from a regular client when Kerberos authentication works fine on master for AFP.

Thanks for your help.

Huw