# Library-wide defaults applied to every Kerberos client on the host.
# Values written as @@@NAME@@@ look like template placeholders that are
# substituted before this file is installed - confirm against the generator.
[libdefaults]
# Requested ticket lifetime. A bare number is presumably read as seconds
# (86400 s = 24 h) - confirm against the installed Kerberos library.
ticket_lifetime = 86400
# Realm assumed when a principal is given without an explicit realm.
default_realm = @@@REALM_UCNAME@@@
# NOTE(review): this list offers only triple-DES and single-DES encryption
# types; no AES type is present. des-cbc-crc and des-cbc-md5 are single DES
# (deprecated by RFC 6649) and des3-hmac-sha1 is deprecated by RFC 8429.
# Preferring aes256-cts-hmac-sha1-96 / aes128-cts-hmac-sha1-96 and dropping
# the DES entries requires the KDC database to hold matching keys for the
# principals, so check which key types exist before changing this line.
default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
# Same list, presumably consulted when a DES-family credential is requested;
# the note above applies here as well.
default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5
# Per-application defaults (client side).
[appdefaults]
# CA certificate used as the PKINIT trust anchor. Whoever can replace this
# file decides which KDC certificates clients accept, so it should be
# writable by root only.
pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
# Per-realm server locations and PKINIT validation policy.
# kdc / admin_server: host:port of the KDC and of the kadmin service.
# pkinit_require_eku, pkinit_require_krbtgt_otherName: presumably control
#   whether the KDC certificate must carry the PKINIT KDC extended key usage
#   and the krbtgt otherName subject alternative name; turning either off
#   relaxes KDC certificate validation, so generated values deserve review.
# win2k_pkinit, win2k_pkinit_require_binding: Windows 2000 compatible PKINIT
#   mode and its reply-binding requirement.
# NOTE(review): confirm the installed Kerberos library reads the win2k_pkinit*
#   spellings; an unrecognized key is typically ignored without an error,
#   which would leave the binding requirement unset.
[realms]
@@@REALM_UCNAME@@@ = {
kdc = @@@KDCSERVER@@@:@@@KDCPORT@@@
admin_server = @@@ADMINSERVER@@@:@@@ADMINPORT@@@
pkinit_require_eku = @@@PKINIT_REQUIRE_EKU@@@
pkinit_require_krbtgt_otherName = @@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@
win2k_pkinit = @@@WIN2K_PKINIT@@@
win2k_pkinit_require_binding = @@@WIN2K_PKINIT_REQUIRE_BINDING@@@
}
# DNS-name to realm mapping. The first entry maps the bare domain, the
# entry with the leading dot maps every host below that domain.
[domain_realm]
@@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
.@@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
# KDC-side settings: PKINIT identity and the backing principal database.
[kdc]
# Accept certificate-based (PKINIT) pre-authentication.
enable-pkinit = yes
# KDC certificate followed by its private key. The .pki.key file is the KDC's
# PKINIT credential; it should be readable only by the account the KDC runs as.
pkinit_identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key
# CA certificate that client certificates must chain to.
pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
# Proxy certificates are refused for PKINIT.
pkinit_allow-proxy-certificate = false
# Principal database: dbname selects an LDAP backend at the substituted DN,
# acl_file names the kadmind access-control list. The ACL file decides who
# may administer principals, so it should be writable by root only.
database = {
dbname = ldap:@@@REALM_DCNAME@@@
acl_file = /etc/kadmind.acl
}
# Log destinations: one file each for the KDC, the admin server, and
# everything else (default).
# NOTE(review): KDC and kadmin logs usually record principal names and client
# addresses; confirm these files are not world-readable and are rotated.
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log