tests/kdc/krb5.conf.in

[libdefaults]
	default_realm = TEST.H5L.SE TEST2.H5L.SE
	no-addresses = TRUE
	allow_weak_crypto = @WEAK@

[appdefaults]
	pkinit_anchors = FILE:@certdir@/ca.crt
	reconnect-min = 2s
	reconnect-backoff = 2s
	reconnect-max = 10s

[realms]
	TEST.H5L.SE = {
		kdc = localhost:@port@
		admin_server = localhost:@admport@
		kpasswd_server = localhost:@pwport@

		pkinit_anchors = FILE:@certdir@/ca.crt

	}
	SUB.TEST.H5L.SE = {
		kdc = localhost:@port@
	}
	TEST2.H5L.SE = {
		kdc = localhost:@port@
		kpasswd_server = localhost:@pwport@
	}
	TEST3.H5L.SE = {
		kdc = localhost:@port@
	}
	TEST4.H5L.SE = {
		kdc = localhost:@port@
	}
	TEST-HTTP.H5L.SE = {
		kdc = http/localhost:@port@
	}

[domain_realm]
	.test.h5l.se = TEST.H5L.SE
	.sub.test.h5l.se = SUB.TEST.H5L.SE
	.example.com = TEST2.H5L.SE
	localhost = TEST.H5L.SE


[kdc]
	enable-digest = true
	allow-anonymous = true
	digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2

	enable-http = true

	enable-pkinit = true
	pkinit_identity = FILE:@certdir@/kdc.crt,@certdir@/kdc.key
	pkinit_anchors = FILE:@certdir@/ca.crt
	pkinit_pool = FILE:@certdir@/sub-ca.crt
#	pkinit_revoke = CRL:@certdir@/crl1.crl
	pkinit_mappings_file = @confdir@/pki-mapping
	pkinit_allow_proxy_certificate = true
	pkinit_kdc_friendly_name = CN=kdc,C=SE
	pkinit_principal_in_certificate = true
	pkinit_PKINIT_KX_mit_bug = true

	database = {
		label = {
			dbname = @testdir@/current-db@kdc@
			realm = TEST.H5L.SE
			mkey_file = @testdir@/mkey.file
			acl_file = @confdir@/heimdal.acl
			log_file = @testdir@/current@kdc@.log
		}
		label2 = {
			dbname = @testdir@/current-db@kdc@
			realm = TEST2.H5L.SE
			mkey_file = @testdir@/mkey.file
			acl_file = @confdir@/heimdal.acl
			log_file = @testdir@/current@kdc@.log
		}
	}

	signal_socket = @testdir@/signal
	iprop-stats = @testdir@/iprop-stats
	iprop-acl = @confdir@/iprop-acl

[logging]
	kdc = 0-/FILE:@testdir@/messages.log
	default = 0-/FILE:@testdir@/messages.log
	krb5 = 0-/FILE:@testdir@/messages.log
	kpasswdd = 0-/FILE:@testdir@/messages.log

[kadmin]
	save-password = true
	@dk@

[capaths]
	TEST.H5L.SE = {
		TEST3.H5L.SE = TEST2.H5L.SE
	}
	TEST.H5L.SE = {
		TEST4.H5L.SE = TEST2.H5L.SE
		TEST4.H5L.SE = TEST3.H5L.SE
	}