From 7d85a856d092d92716aefb9ae0e8c88e8bb2b7b3 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Fri, 1 Jun 2012 14:19:06 -0500
Subject: Add initial configuration file skeletons
---
confskel/heimdal/krb5.conf | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 confskel/heimdal/krb5.conf
(limited to 'confskel/heimdal/krb5.conf')
diff --git a/confskel/heimdal/krb5.conf b/confskel/heimdal/krb5.conf
new file mode 100644
index 0000000..adf55df
--- /dev/null
+++ b/confskel/heimdal/krb5.conf
@@ -0,0 +1,40 @@
+[libdefaults]
+ ticket_lifetime = 86400
+ default_realm = @@@REALM_UCNAME@@@
+ default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+ default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+[appdefaults]
+ pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+
+[realms]
+ @@@REALM_UCNAME@@@ = {
+ kdc = @@@KDCSERVER@@@:@@@KDCPORT@@@
+ admin_server = @@@ADMINSERVER@@@:@@@ADMINPORT@@@
+ pkinit_require_eku = @@@PKINIT_REQUIRE_EKU@@@
+ pkinit_require_krbtgt_otherName = @@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@
+ win2k_pkinit = @@@WIN2K_PKINIT@@@
+ win2k_pkinit_require_binding = @@@WIN2K_PKINIT_REQUIRE_BINDING@@@
+ }
+
+[domain_realm]
+ @@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
+ .@@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
+
+[kdc]
+ enable-pkinit = yes
+ pkinit_identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key
+ pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+ pkinit_allow-proxy-certificate = false
+
+ database = {
+ dbname = ldap:@@@REALM_DCNAME@@@
+ acl_file = /etc/kadmind.acl
+ }
+
+[logging]
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmin.log
+ default = FILE:/var/log/krb5lib.log
+
+
--
cgit v1.2.1
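Review bot: The `default_etypes` and `default_etypes_des` lines in `[libdefaults]` restrict clients to 3DES and single DES (`des-cbc-crc`, `des-cbc-md5`) and leave out AES entirely, so every realm generated from this skeleton inherits encryption types that are weak against brute force. I would change the first line to `default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96` and drop `default_etypes_des` unless a DES-only legacy service is a documented requirement, in which case a comment should say which one. Separately, `pkinit_allow-proxy-certificate` in `[kdc]` mixes a hyphen into an underscore-style key; if Heimdal expects `pkinit_allow_proxy_certificate`, the line is silently ignored and the setting rests on the built-in default, so the spelling should be confirmed against krb5.conf(5).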