krb5.conf.in revision 1.1.1.2
1[libdefaults] 2 default_realm = TEST.H5L.SE TEST2.H5L.SE 3 no-addresses = TRUE 4 allow_weak_crypto = @WEAK@ 5 dns_lookup_kdc = no 6 dns_lookup_realm = no 7 8 9[appdefaults] 10 pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt 11 reconnect-min = 2s 12 reconnect-backoff = 2s 13 reconnect-max = 10s 14 15[realms] 16 TEST.H5L.SE = { 17 kdc = localhost:@port@ 18 admin_server = localhost:@admport@ 19 kpasswd_server = localhost:@pwport@ 20 } 21 SUB.TEST.H5L.SE = { 22 kdc = localhost:@port@ 23 } 24 TEST2.H5L.SE = { 25 kdc = localhost:@port@ 26 kpasswd_server = localhost:@pwport@ 27 } 28 TEST3.H5L.SE = { 29 kdc = localhost:@port@ 30 } 31 TEST4.H5L.SE = { 32 kdc = localhost:@port@ 33 } 34 SOME-REALM5.FR = { 35 kdc = localhost:@port@ 36 } 37 SOME-REALM6.US = { 38 kdc = localhost:@port@ 39 } 40 SOME-REALM7.UK = { 41 kdc = localhost:@port@ 42 } 43 TEST-HTTP.H5L.SE = { 44 kdc = http/localhost:@port@ 45 } 46 H1.TEST.H5L.SE = { 47 kdc = localhost:@port@ 48 } 49 H2.TEST.H5L.SE = { 50 kdc = localhost:@port@ 51 } 52 H3.H2.TEST.H5L.SE = { 53 kdc = localhost:@port@ 54 } 55 H4.H2.TEST.H5L.SE = { 56 kdc = localhost:@port@ 57 } 58 59[domain_realm] 60 .test.h5l.se = TEST.H5L.SE 61 .sub.test.h5l.se = SUB.TEST.H5L.SE 62 .h1.test.h5l.se = H1.TEST.H5L.SE 63 .h2.test.h5l.se = H2.TEST.H5L.SE 64 .h3.h2.test.h5l.se = H3.H2.TEST.H5L.SE 65 .h4.h2.test.h5l.se = H4.H2.TEST.H5L.SE 66 .example.com = TEST2.H5L.SE 67 localhost = TEST.H5L.SE 68 .localdomain = TEST.H5L.SE 69 localdomain = TEST.H5L.SE 70 .localdomain6 = TEST.H5L.SE 71 localdomain6 = TEST.H5L.SE 72 73 74[kdc] 75 enable-digest = true 76 allow-anonymous = true 77 digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2 78 strict-nametypes = true 79 80 enable-http = true 81 82 enable-pkinit = true 83 pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key 84 pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt 85 pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt 86# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl 87 pkinit_mappings_file = @srcdir@/pki-mapping 88 pkinit_allow_proxy_certificate = true 89 90 database = { 91 label = { 92 dbname = @db_type@:@objdir@/current-db@kdc@ 93 realm = TEST.H5L.SE 94 mkey_file = @objdir@/mkey.file 95 acl_file = @srcdir@/heimdal.acl 96 log_file = @objdir@/current@kdc@.log 97 } 98 label2 = { 99 dbname = @db_type@:@objdir@/current-db@kdc@ 100 realm = TEST2.H5L.SE 101 mkey_file = @objdir@/mkey.file 102 acl_file = @srcdir@/heimdal.acl 103 log_file = @objdir@/current@kdc@.log 104 } 105 label3 = { 106 dbname = sqlite:@objdir@/current-db@kdc@.sqlite3 107 realm = SOME-REALM5.FR 108 mkey_file = @objdir@/mkey.file 109 acl_file = @srcdir@/heimdal.acl 110 log_file = @objdir@/current@kdc@.log 111 } 112 } 113 114 signal_socket = @objdir@/signal 115 iprop-stats = @objdir@/iprop-stats 116 iprop-acl = @srcdir@/iprop-acl 117 log-max-size = 40000 118 119[hdb] 120 db-dir = @objdir@ 121 122[logging] 123 kdc = 0-/FILE:@objdir@/messages.log 124 krb5 = 0-/FILE:@objdir@/messages.log 125 default = 0-/FILE:@objdir@/messages.log 126 127# If you are doing preformance measurements on OSX you want to change 128# the kdc LOG line from = to - below to keep the FILE open and avoid 129# open/write/close which is blocking (rdar:// ) on OSX. 130# kdc = 0-/FILE=@objdir@/messages.log 131 132[kadmin] 133 save-password = true 134 default_key_rules = { 135 */des3-only@* = des3-cbc-sha1:pw-salt 136 */aes-only@* = aes256-cts-hmac-sha1-96:pw-salt 137 } 138 @dk@ 139 140[capaths] 141 TEST.H5L.SE = { 142 TEST2.H5L.SE = . 143 SOME-REALM5.FR = 1 144 TEST3.H5L.SE = TEST2.H5L.SE 145 TEST4.H5L.SE = TEST2.H5L.SE 146 TEST4.H5L.SE = TEST3.H5L.SE 147 SOME-REALM6.US = SOME-REALM5.FR 148 SOME-REALM7.UK = SOME-REALM6.US 149 SOME-REALM7.UK = SOME-REALM5.FR 150 } 151 H4.H2.TEST.H5L.SE = { 152 H1.TEST.H5L.SE = H3.H2.TEST.H5L.SE 153 H1.TEST.H5L.SE = H2.TEST.H5L.SE 154 H1.TEST.H5L.SE = TEST.H5L.SE 155 156 TEST.H5L.SE = H3.H2.TEST.H5L.SE 157 TEST.H5L.SE = H2.TEST.H5L.SE 158 159 H2.TEST.H5L.SE = H3.H2.TEST.H5L.SE 160 } 161