Index: debian/univention-heimdal-kdc.univention-config-registry
===================================================================
--- debian/univention-heimdal-kdc.univention-config-registry	(Revision 19153)
+++ debian/univention-heimdal-kdc.univention-config-registry	(Arbeitskopie)
@@ -11,6 +11,12 @@
 Variables: kerberos/defaults/enctypes/tkt
 Variables: kerberos/defaults/enctypes/permitted
 Variables: kerberos/afscell
+Variables: kerberos/defaults/dns_lookup_realm
+Variables: kerberos/defaults/dns_lookup_kdc
+Variables: kerberos/defaults/forwardable
+Variables: kerberos/defaults/proxiable
+Variables: kerberos/defaults/kdc_timesync
+Variables: kerberos/defaults/debug
 
 Type: file
 File: etc/heimdal-kdc/kdc.conf
Index: debian/univention-heimdal-kdc.conffiles
===================================================================
--- debian/univention-heimdal-kdc.conffiles	(Revision 19153)
+++ debian/univention-heimdal-kdc.conffiles	(Arbeitskopie)
@@ -6,3 +6,4 @@
 /etc/univention/service.info/services/univention-heimdal-kdc.cfg
 /etc/univention/registry.info/variables/univention-heimdal-kdc.cfg
 /etc/univention/templates/files/usr/share/univention-heimdal/check_cracklib.py
+/etc/univention/registry.info/categories/univention-heimdal-kdc.cfg
Index: debian/univention-heimdal-kdc.univention-config-registry-variables
===================================================================
--- debian/univention-heimdal-kdc.univention-config-registry-variables	(Revision 19153)
+++ debian/univention-heimdal-kdc.univention-config-registry-variables	(Arbeitskopie)
@@ -27,3 +27,39 @@
 Description[en]=Check of password strength by cracklib2 can be activated by setting this value to 'yes'.
 Type=str
 Categories=System
+
+[kerberos/defaults/dns_lookup_realm]
+Description[de]=Wenn diese Variable auf true gesetzt ist, werden die DNS TXT Einträge zum festellen des Kerberos-Realms eines Hosts genutzt
+Description[en]=Indicate whether DNS TXT records should be used to determine the Kerberos realm of a host. 
+Type=str
+Categories=System
+
+[kerberos/defaults/dns_lookup_kdc]
+Description[de]=Wenn diese Variable auf true gesetzt ist, werden die DNS SRV Einträge zum finden des KDCs genutzt.
+Description[en]=Indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm.
+Type=str
+Categories=System
+
+[kerberos/defaults/forwardable]
+Description[de]=Wenn diese Variable auf true gesetzt ist, ist das Initialisierungsticket forwardbar
+Description[en]=If this flag is set, initial tickets by default will be forwardable.
+Type=str
+Categories=System
+
+[kerberos/defaults/proxiable]
+Description[de]=Wenn diese Variable auf true gesetzt ist, ist das Initialisierungsticket "proxiable".
+Description[en]=If this flag is set, initial tickets by default will be proxiable. 
+Type=str
+Categories=System
+
+[kerberos/defaults/kdc_timesync]
+Description[de]=Wenn diese Variable auf 1 gesetzt ist, berechnet der Client die Differenz zwischen seiner Zeit und der des Servers
+Description[en]=If this is set to 1 (for true), then client machines will compute the difference between their time and the time returned by the KDC.
+Type=str
+Categories=System
+
+[kerberos/defaults/debug]
+Description[de]=Aktiviert den debug modus
+Description[en]=Activates the debug mode
+Type=str
+Categories=System
Index: debian/univention-heimdal-member.conffiles
===================================================================
--- debian/univention-heimdal-member.conffiles	(Revision 19153)
+++ debian/univention-heimdal-member.conffiles	(Arbeitskopie)
@@ -1,2 +1,3 @@
 /etc/univention/templates/files/etc/krb5.conf
 /etc/univention/registry.info/variables/univention-heimdal-member.cfg
+/etc/univention/registry.info/categories/univention-heimdal-member.cfg
Index: conffiles/etc/krb5.conf
===================================================================
--- conffiles/etc/krb5.conf	(Revision 19153)
+++ conffiles/etc/krb5.conf	(Arbeitskopie)
@@ -17,13 +17,15 @@
 print '\tdefault_tkt_enctypes = %s' % configRegistry.get('kerberos/defaults/enctypes/tkt', 'des3-hmac-sha1 des-cbc-crc des-cbc-md4 des-cbc-md5 des3-cbc-sha1 arcfour-hmac-md5 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96')
 print '\tpermitted_enctypes = %s'   % configRegistry.get('kerberos/defaults/enctypes/permitted', 'des3-hmac-sha1 des-cbc-crc des-cbc-md4 des-cbc-md5 des3-cbc-sha1 arcfour-hmac-md5 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96')
 print '\tkrb4_get_tickets=%s' % configRegistry.get('kerberos/v4tickets', 'no')
-@!@
-	kdc_timesync = 1
-	forwardable = true
-	proxiable = true
-#	debug = true
+if configRegistry.get('kerberos/defaults/dns_lookup_kdc'):
+	print 'dns_lookup_kdc = %s' % configRegistry.get('kerberos/defaults/dns_lookup_kdc', 'true')
+if configRegistry.get('kerberos/defaults/dns_lookup_realm'):
+	print 'dns_lookup_realm = %s' % configRegistry.get('kerberos/defaults/dns_lookup_realm', 'true')
+print 'forwardable = %s' % configRegistry.get('kerberos/defaults/forwardable', 'true')
+print 'proxiable = %s' % configRegistry.get('kerberos/defaults/proxiable', 'true')
+print 'kdc_timesync = %s' % configRegistry.get('kerberos/defaults/kdc_timesync', '1')
+print 'debug = %s' % configRegistry.get('kerberos/defaults/debug', 'false')
 
-@!@
 if configRegistry.has_key('kerberos/realm'):
 	print '[realms]'
 	print '%s = { ' % configRegistry['kerberos/realm']