| blob | 99fb5449036b142be181e2b326ba65aec8a25e3d |
1 include @srcdirabs@/include-krb5.conf
3 [libdefaults]
4 default_keytab_name = @objdir@/server.keytab
5 enable-kx509 = yes
6 kx509_store = PEM-FILE:/tmp/cert_%{euid}.pem
7 default_realm = TEST.H5L.SE
8 kuserok = SYSTEM-K5LOGIN:@srcdir@/../kdc/k5login
9 kuserok = USER-K5LOGIN
10 kuserok = SIMPLE
11 block_dns = yes
13 [realms]
14 TEST.H5L.SE = {
15 kdc = 127.0.0.1:@port@
16 auth_to_local_names = {
17 user1 = mapped_user1
18 }
19 }
21 [kdc]
22 enable-digest = true
23 allow-anonymous = true
24 digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
25 strict-nametypes = true
26 synthetic_clients = true
27 enable_gss_preauth = true
28 gss_mechanisms_allowed = sanon-x25519
29 enable-pkinit = true
30 pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
31 pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
32 pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
33 # pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
34 pkinit_mappings_file = @srcdir@/pki-mapping
35 pkinit_allow_proxy_certificate = true
37 database = {
38 dbname = @objdir@/current-db
39 realm = TEST.H5L.SE
40 mkey_file = @objdir@/mkey.file
41 log_file = @objdir@/current.log
42 }
44 [hdb]
45 db-dir = @objdir@
46 enable_virtual_hostbased_princs = true
47 virtual_hostbased_princ_mindots = 1
48 virtual_hostbased_princ_maxdots = 3
49 same_realm_aliases_are_soft = true
51 [logging]
52 kdc = 0-/FILE:@objdir@/messages.log
53 default = 0-/FILE:@objdir@/messages.log
55 include @srcdirabs@/missing-krb5.conf