How does Quest Single Sign-on for Java (QSJ) deal with multiple domains?
The general intent of QSJ is to follow the Active Directory approach to this, where all the information that you need about domains is available on the network (via DNS lookups and / or LDAP queries to AD). You don't have to administer and maintain a config file (ie. krb5.conf) of this information on each machine.
What this means:
Note that, even when you do need to tell QSJ about a domain (either QSJ's home domain in "idm.realm" or "idm.principalAtRealm", or external trusts in "idm.ad.externalTrusts"), you only need to tell QSJ the name of the domain, you don't need to specify the domain controllers for that domain. VSJ uses DNS SRV lookups to map the domain name to a list of suitable domain controllers.