diff -up authconfig-6.2.8/authinfo.py.no-realm authconfig-6.2.8/authinfo.py
--- authconfig-6.2.8/authinfo.py.no-realm	2016-06-16 14:25:21.354653226 +0200
+++ authconfig-6.2.8/authinfo.py	2016-06-16 14:27:56.335158214 +0200
@@ -1285,7 +1285,7 @@ class AuthInfo:
 		self.ldapServer = ""
 		self.ldapBaseDN = ""
 
-		self.kerberosRealm = ""
+		self.kerberosRealm = None
 		self.kerberosRealmviaDNS = None
 		self.kerberosKDC = ""
 		self.kerberosKDCviaDNS = None
@@ -1698,6 +1698,7 @@ class AuthInfo:
 		section = ""
 		self.allKerberosKDCs = {}
 		self.allKerberosAdminServers = {}
+		realm_found = False
 		# Open the file.  Bail if it's not there or there's some problem
 		# reading it.
 		try:
@@ -1720,6 +1721,7 @@ class AuthInfo:
 				value = matchKeyEquals(line, "default_realm")
 				if value:
 					self.setParam("kerberosRealm", value, ref)
+					realm_found = True;
 					continue;
 				# Check for the DNS settings.
 				value = matchKeyEquals(line, "dns_lookup_kdc")
@@ -1746,6 +1748,7 @@ class AuthInfo:
 					if not self.kerberosRealm:
 						# No reason to use setParam here
 						self.kerberosRealm = subsection
+						realm_found = True;
 					# See if this is a key we care about.
 					value = matchKeyEquals(line, "kdc")
 					if value:
@@ -1754,10 +1757,16 @@ class AuthInfo:
 					value = matchKeyEquals(line, "admin_server")
 					if value:
 						self.allKerberosAdminServers[subsection] = commaAppend(self.getKerberosAdminServer(subsection), value)
-		if self.kerberosRealm:
-			self.setParam("kerberosKDC", self.getKerberosKDC(self.kerberosRealm), ref)
-			self.setParam("kerberosAdminServer", self.getKerberosAdminServer(self.kerberosRealm), ref)
 		f.close()
+		if realm_found:
+			if self.kerberosRealm:
+				self.setParam("kerberosKDC", self.getKerberosKDC(self.kerberosRealm), ref)
+				self.setParam("kerberosAdminServer", self.getKerberosAdminServer(self.kerberosRealm), ref)
+		else:
+			if self.kerberosRealm:
+				self.inconsistentAttrs.append("kerberosRealm")
+			else:
+				self.setParam("kerberosRealm", "", ref)
 		return True
 
 	def readLibuser(self, ref):
@@ -2477,6 +2486,8 @@ class AuthInfo:
 		self.passwordAlgorithm = self.passwordAlgorithm.lower()
 		if self.enableCacheCreds == None:
 			self.enableCacheCreds = True # enabled by default
+		if self.kerberosRealm == None:
+			self.kerberosRealm = ""
 
 	def read(self):
 		ref = self.copy()