[keycloak-user] Understanding "Server Principal" in Kerberos setup

Hi there, I'm trying to set up Keycloak to use Kerberos with Active Directory. But I'm not sure, I understand the Server Principal correctly. Keycloak is running on a server, that is reachable under keycloak.some.domain.com The Kerberos Realm is whatever.else.com So is the Server Principal correctly specified as: HTTP/keycloak.some.domain.com(a)whatever.else.com Or more general HTTP/<CLIENT HOST>@<Kerberos Realm> And is <Kerberos Realm> in the Server Principal always the same as stated in "Kerberos Realm" in the admin ui? And does case matter anywhere? Greetings, Malte