"Admin -> Kerberos -> Additonal Realms"
- Currently requires keytab re-generation which in turn requires restarting the cluster. But it is completely unrelated to keytabs.
- Move "Additional Realms" to the "Kerberos" service configs where it belongs, along with the "auth_to_local" setting which is what it is used for.
- When it is changed:
- No keytab re-generation is then required.
- Instead of silently altering "auth_to_local" rules, they should come up as "Recommendations".