The default mapping algorithm uses the primary name of the Kerberos principal to look up the UID. The lookup occurs in the default realm or any realm that is allowed by the auth_to_local_realm parameter in the /etc/krb5/krb5.conf file. For example, the user principal name jdoe@EXAMPLE.COM is mapped to the UID of the UNIX user named jdoe by using the password table. The user principal name jdoe/admin@EXAMPLE.COM is not mapped because the principal name includes the admin instance component.
If the default mappings for the user credentials are sufficient, the GSS credential table does not need to be populated. If the default mapping is not sufficient, as when you want to map a principal name that contains an instance component, then other methods are required. For more information, see the following: