# Kerberos client/KDC configuration template with PKINIT enabled.
# Appears to target Heimdal (the kadmind ACL lives under /etc/heimdal-kdc).
# Tokens wrapped in triple at-signs are placeholders; presumably a provisioning
# step substitutes them before the file is installed. Confirm against the generator.
# Comments are kept on their own lines and outside the brace-delimited blocks.

# Library-wide defaults.
# ticket_lifetime is 86400, i.e. 24 hours if read as a plain number of seconds.
# NOTE(review): default_etypes offers only des3-hmac-sha1, des-cbc-crc and
# des-cbc-md5. Single DES is deprecated for Kerberos by RFC 6649 and triple-DES
# by RFC 8429; no AES enctype is listed. Prefer aes256-cts-hmac-sha1-96 and
# aes128-cts-hmac-sha1-96 once every principal is confirmed to have AES keys.
# NOTE(review): default_etypes_des carries the same three legacy enctypes;
# confirm whether anything in the deployment still depends on it.
[libdefaults]
    ticket_lifetime = 86400
    default_realm = @@@REALM_UCNAME@@@
    default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
    default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5

# Application defaults: PEM file holding the CA trust anchor(s) used for PKINIT.
# The same anchors file is also referenced from the [kdc] section.
[appdefaults]
    pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem

# Per-realm settings: KDC and admin server as host:port, plus PKINIT switches
# whose values are supplied through placeholders.
# NOTE(review): the pkinit_require_* and win2k_* values are not visible here.
# Presumably, turning the "require" checks off relaxes validation of the KDC
# certificate; confirm which values the provisioning step writes.
[realms]
    @@@REALM_UCNAME@@@ = {
        kdc = @@@KDCSERVER@@@:@@@KDCPORT@@@
        admin_server = @@@ADMINSERVER@@@:@@@ADMINPORT@@@
        pkinit_require_eku = @@@PKINIT_REQUIRE_EKU@@@
        pkinit_require_krbtgt_otherName = @@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@
        win2k_pkinit = @@@WIN2K_PKINIT@@@
        win2k_pkinit_require_binding = @@@WIN2K_PKINIT_REQUIRE_BINDING@@@
    }

# Maps the lower-case domain, and every host below it (leading dot), to the realm.
[domain_realm]
    @@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
    .@@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@

# KDC settings. PKINIT is switched on; pkinit_identity names the KDC certificate
# and, after the comma, its private key file.
# The file under .../private/ is the KDC's PKINIT private key: keep it readable
# only by the account the KDC runs as.
# NOTE(review): pkinit_allow-proxy-certificate mixes '_' and '-' in one key name.
# Confirm the exact spelling the deployed KDC reads; a misspelled key is
# presumably ignored without an error, leaving the built-in default in effect.
# database block: dbname uses the ldap: prefix followed by a placeholder
# (presumably the realm's LDAP DN); acl_file is the kadmind ACL path.
[kdc]
    enable-pkinit = yes
    pkinit_identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key
    pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
    pkinit_allow-proxy-certificate = false
    database = {
        dbname = ldap:@@@REALM_DCNAME@@@
        acl_file = /etc/heimdal-kdc/kadmind.acl
    }

# Log destinations for the KDC, the admin server, and everything else.
# These logs record authentication activity; restrict read access and make
# sure they are rotated and retained as the site's audit policy requires.
[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log