| blob | 01c4c2e7fa27d7ecc151fadc39a548e24c8dd4e1 |
1 include @srcdirabs@/include-krb5.conf
3 [libdefaults]
4 default_keytab_name = @objdir@/server.keytab
5 enable-kx509 = yes
6 kx509_store = PEM-FILE:/tmp/cert_%{euid}.pem
7 default_realm = TEST.H5L.SE
8 kuserok = SYSTEM-K5LOGIN:@srcdir@/../kdc/k5login
9 kuserok = USER-K5LOGIN
10 kuserok = SIMPLE
12 [realms]
13 TEST.H5L.SE = {
14 kdc = localhost:@port@
15 auth_to_local_names = {
16 user1 = mapped_user1
17 }
18 }
20 [kdc]
21 enable-digest = true
22 allow-anonymous = true
23 digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
24 strict-nametypes = true
25 synthetic_clients = true
26 enable_gss_preauth = true
27 gss_mechanisms_allowed = sanon-x25519
28 enable-pkinit = true
29 pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
30 pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
31 pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
32 # pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
33 pkinit_mappings_file = @srcdir@/pki-mapping
34 pkinit_allow_proxy_certificate = true
36 database = {
37 dbname = @objdir@/current-db
38 realm = TEST.H5L.SE
39 mkey_file = @objdir@/mkey.file
40 log_file = @objdir@/current.log
41 }
43 [hdb]
44 db-dir = @objdir@
45 enable_virtual_hostbased_princs = true
46 virtual_hostbased_princ_mindots = 1
47 virtual_hostbased_princ_maxdots = 3
48 same_realm_aliases_are_soft = true
50 [logging]
51 kdc = 0-/FILE:@objdir@/messages.log
52 default = 0-/FILE:@objdir@/messages.log
54 include @srcdirabs@/missing-krb5.conf