How do you get the Kerberos Realm into the directory?

Hello, Leopard server has been running for a week now, with clients doing network logins and other wonderful things. However, "single signon" isn't really working. Users get prompted for passwords as if Kerberos wasn't enabled, despite that the users, hosts and services for those hosts all have kerberos principles on the KDC. I noticed this today though: [code] # sudo sso_util info -g Default Realm Name: MYHOST.MYREALM.CA # sudo sso_util info -r /LDAPv3/127.0.0.1/ The Local realm name is:(null) [/code] From the sso_util man page, it looks like the 'configure' command may be what I need, but I want to be careful not to over-write all of the existing credentials in the KDC. What would be the best way to get the Kerberos Realm into the directory? When new clients join the directory, they do get the correct REALM, and the services are auto-configured for them, so there is a directory entry for the client configuration data, but apparently Open Directory doesn't know it's realm, or am I misunderstanding this "Local realm" thing? Thanks!