1[libdefaults] 2 default_realm = TEST.H5L.SE TEST2.H5L.SE 3 no-addresses = TRUE 4 allow_weak_crypto = @WEAK@ 5 6[appdefaults] 7 pkinit_anchors = FILE:@certdir@/ca.crt 8 reconnect-min = 2s 9 reconnect-backoff = 2s 10 reconnect-max = 10s 11 12[realms] 13 TEST.H5L.SE = { 14 kdc = localhost:@port@ 15 admin_server = localhost:@admport@ 16 kpasswd_server = localhost:@pwport@ 17 18 pkinit_anchors = FILE:@certdir@/ca.crt 19 20 } 21 SUB.TEST.H5L.SE = { 22 kdc = localhost:@port@ 23 } 24 TEST2.H5L.SE = { 25 kdc = localhost:@port@ 26 kpasswd_server = localhost:@pwport@ 27 } 28 TEST3.H5L.SE = { 29 kdc = localhost:@port@ 30 } 31 TEST4.H5L.SE = { 32 kdc = localhost:@port@ 33 } 34 TEST-HTTP.H5L.SE = { 35 kdc = http/localhost:@port@ 36 } 37 38[domain_realm] 39 .test.h5l.se = TEST.H5L.SE 40 .sub.test.h5l.se = SUB.TEST.H5L.SE 41 .example.com = TEST2.H5L.SE 42 localhost = TEST.H5L.SE 43 44 45[kdc] 46 enable-digest = true 47 allow-anonymous = true 48 digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2 49 50 enable-http = true 51 52 enable-pkinit = true 53 pkinit_identity = FILE:@certdir@/kdc.crt,@certdir@/kdc.key 54 pkinit_anchors = FILE:@certdir@/ca.crt 55 pkinit_pool = FILE:@certdir@/sub-ca.crt 56# pkinit_revoke = CRL:@certdir@/crl1.crl 57 pkinit_mappings_file = @confdir@/pki-mapping 58 pkinit_allow_proxy_certificate = true 59 pkinit_kdc_friendly_name = CN=kdc,C=SE 60 pkinit_principal_in_certificate = true 61 pkinit_PKINIT_KX_mit_bug = true 62 63 database = { 64 label = { 65 dbname = @testdir@/current-db@kdc@ 66 realm = TEST.H5L.SE 67 mkey_file = @testdir@/mkey.file 68 acl_file = @confdir@/heimdal.acl 69 log_file = @testdir@/current@kdc@.log 70 } 71 label2 = { 72 dbname = @testdir@/current-db@kdc@ 73 realm = TEST2.H5L.SE 74 mkey_file = @testdir@/mkey.file 75 acl_file = @confdir@/heimdal.acl 76 log_file = @testdir@/current@kdc@.log 77 } 78 } 79 80 signal_socket = @testdir@/signal 81 iprop-stats = @testdir@/iprop-stats 82 iprop-acl = @confdir@/iprop-acl 83 84[logging] 85 kdc = 0-/FILE:@testdir@/messages.log 86 default = 0-/FILE:@testdir@/messages.log 87 krb5 = 0-/FILE:@testdir@/messages.log 88 kpasswdd = 0-/FILE:@testdir@/messages.log 89 90[kadmin] 91 save-password = true 92 @dk@ 93 94[capaths] 95 TEST.H5L.SE = { 96 TEST3.H5L.SE = TEST2.H5L.SE 97 } 98 TEST.H5L.SE = { 99 TEST4.H5L.SE = TEST2.H5L.SE 100 TEST4.H5L.SE = TEST3.H5L.SE 101 } 102